Microsoft Exchange Online for Security Operations release notes

  • Release version: Store
  • Updated June 11, 2026
  • 4 minutes to read
  • Version history for the Microsoft Exchange Online for Security Operations application on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 10.7.4 - June 2026
    Fixed: Email search by subject line keywords returned no results because the Hunting API query used exact match (==) instead of keyword match (has) for the Subject field.
    Version 10.7.3 - March 2026
    • Fixed:
      • Comments entered while rejecting email requests are now correctly reflected in the associated Security Incident Response.
      • Email search requests no longer fail when the subject query contains quotation marks.
    Version 10.7.2 - January 2026
    Fixed: Fixed an incorrect “email search is still running” message shown during the deletion approval step.
    Version 10.7.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 10.6.5 - May 2025
    Fixed: Remove/hide unsupported email fields from the email search criteria.
    Version 10.6.3 - February 2025
    Changed: Migrated workflows to flow designer.
    Version 10.6.2 - March 2024
    • Fixed:
      • Supports non-ANSI characters in Threat-Hunting API query.
      • Supports Graph URL configuration for Federal customers.
    Version 10.5.5 - December 2023
    Fixed: Addressed the misconfiguration of table/field ACLs within the com.snc.secops.ms.exchange.online plugin.
    Version 10.5.2 - November 2021
    • Fixed:
      • Added additional password-related policies.
      • Failure of Email search, if the Exchange Module V2 is not present in MID server.
      • Termination of Email search workflow because of an activity count limit.
      • Improved PowerShell error logging for proper stack trace if an error is seen in the processing.
    Version 10.5.0 - August 2021
    • New: Support for Multi Factor Authentication (MFA) at the Tenant Level
    • Fixed: Ability to delete emails from the email server through the UI action - 'Delete Emails from Exchange Online' that is present under the Email Search Results section
    Version 10.4.2 - February 2021
    Fixed: This release includes a fix from double encoding a query to single encoding, to address the functionality change by Microsoft Graph API. Microsoft Graph API has modified their functionality which causes no results to appear when running a query. For example, if the subject contains a space, then results don't appear. Only the count of emails is returned. A system property sn_sec_ms_ex_on.single_encode has been added to specify the use of single encoded or double encoded search queries. It defaults to single encoded queries.
    Version 10.4.1 - December 2020
    • New:
      • A security tag is applied to a security incident, and a work note is created when the search and delete action fails.
      • An error email notification is sent to a group, and a work note is created when the Microsoft Exchange Online OAuth credentials expire.
    • Changed:
      • Email Search and delete action includes junk folder for matching phishing emails and deletes them.
      • Email Search Result record is created when the search and delete action fails.
    Version 10.3.2 - June 2020
    • New: Additional setting Email Result Threshold for Approvals
    • Changed: Threshold configuration for Request Delete Approvals
    Version 10.0.1 - March 2020
    • New:
      • Introduced troubleshooting capabilities by adding diagnostics tests that provide the ability to isolate issues with the integration
      • New system property added to increase debug level logging
    • Fixed: UI alignment of buttons present on the Microsoft Exchange Online configuration settings
    Version 8.0.3 - September 2019
    Fixed:
    • Improved error handling for unsupported characters
    • Fixed support for valid special characters such as apostrophes, double quotations, and colons (PRB1358086)
    Version 8.0.2 - August 2019
    • New:
      • Additional Settings parameters for Maximum Search Duration and Search Completion Notification
      • MID Server Routing Changes: Provides ability to selectively route the integration searches to designated MID Servers that have the necessary MID Server capabilities enabled (instead of all MID Servers)
    • Changed:
      • Application tile configuration modifications: With the MID Server routing changes in this update, it is no longer necessary to designate a MID Server during the initial authentication set-up. In addition, there is a new status indicator for the MID Server Ready that will distinguish an authentication credential problem from a MID Server availability issue.
      • Approval rejection notes are now posted to the work notes when an approval is rejected and the approver provides a reason to the SOC analyst.
      • Email search results now contain the full message details, including the subject field that was missing with some platform versions.
    • Fixed: Searches were previously not able to retrieve matching messages when the subject contained special characters, such as #. Special characters are now supported in the email subject parameter for searches.
    Version 5.0.0 - March 2019
    • Configure search criteria for phishing threats in Security Incident Response based on combinations of the sender, recipient, and subject fields on email messages.
    • For large and lengthy email searches, the security incident analyst is notified via email when a search is successfully completed, along with the number of matched messages.
    • Status for individual messages informs you if recipients have read or deleted suspicious emails.
    • If configured, optional approval processes ensure that suspicious emails are not deleted without prior approval.
    • A complete audit trail for delete requests that includes the number of deleted emails is logged in the work notes of security incidents.
    • If tagging is configured, security tags record when email search and delete workflows are initiated and successfully completed on security incidents.