Microsoft has introduced a big safety enhancement for Outlook customers, implementing the retirement of inline SVG picture assist throughout Outlook for Internet and the brand new Outlook for Home windows platforms.
This alteration represents a proactive measure to strengthen e-mail safety infrastructure and defend customers from potential cybersecurity threats.
The rollout timeline has been strategically structured to make sure complete protection throughout all Microsoft 365 environments.
The worldwide deployment commenced in early September 2025 and was accomplished by mid-September 2025, affecting normal business tenants.
Disable SVG Photos Show in Outlook
For presidency and specialised environments, together with GCC, GCC-H, DoD, and Gallatin deployments, the implementation started mid-September 2025 with completion scheduled for mid-October 2025.
This phased method permits Microsoft to observe the implementation’s influence whereas offering organizations enough time to regulate their e-mail communication methods.
The change particularly targets inline SVG rendering, the place SVG pictures embedded instantly inside e-mail content material will now not show, showing as clean areas as a substitute.
The retirement of inline SVG assist addresses crucial safety vulnerabilities, notably cross-site scripting (XSS) assaults that may exploit SVG’s XML-based construction.
SVG recordsdata can include malicious JavaScript code, making them potential vectors for classy cyberattacks when rendered inline inside e-mail purchasers.
Microsoft’s information signifies this transformation impacts lower than 0.1% of all pictures utilized in Outlook, minimizing operational disruption whereas maximizing safety advantages.
The choice aligns Outlook’s habits with industry-standard e-mail consumer practices that already prohibit inline SVG rendering capabilities.
Importantly, SVG attachments stay absolutely supported, permitting customers to proceed sharing SVG recordsdata by way of conventional attachment strategies.
Recipients can nonetheless view these recordsdata by downloading them from the attachment part, sustaining performance whereas eliminating inline rendering dangers.
Organizations require no rapid motion from directors or end-users, although Microsoft recommends updating inner documentation and informing customers who regularly make the most of inline SVGs in e-mail communications.
This proactive safety measure demonstrates Microsoft’s dedication to sustaining sturdy e-mail safety requirements whereas preserving important communication performance for enterprise and particular person customers throughout the Microsoft 365 ecosystem.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
