![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 37%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJF%3C/text%3E%3C/svg%3E)
Outlook | Windows | New Outlook for Windows | For business
Using New Outlook on Windows for professional communication and productivity
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 83%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELD%3C/text%3E%3C/svg%3E)
Dear @Jack Feckner,
I hope you’re having a good day.
Your concern is completely valid, and the mixed information you are seeing online is understandable.
The address o365mc@microsoft.com is a Microsoft‑owned sending address that is used by the Microsoft 365 Message Center. Microsoft 365 administrators can receive service communications from the Message Center either directly in the admin portal or via email notifications, including the “Weekly digest: Microsoft service updates” that you described. This type of weekly digest is an expected and documented behavior of the Message Center, and the content you described matches that purpose.
At the same time, it is important to understand why there are warnings about this address on the internet. In rare cases, Microsoft has confirmed that the Message Center’s email‑sharing functionality has been misused, allowing non‑Microsoft content to be delivered through the same infrastructure. In those situations, the sender address was still legitimate, but the content itself was not authored by Microsoft. This distinction is the main reason you will find conflicting answers online, some discussions are questioning the content, not the ownership of the domain.
Because of this, Microsoft does not recommend treating any email as trustworthy based on the sender address alone, even when the domain belongs to Microsoft. The reliable way to validate these messages is to confirm that the information in the email corresponds to what you see in the Microsoft 365 Admin Center > Health > Message Center, and that the links point only to Microsoft domains. When the email content aligns with the Message Center and does not request credentials, payments, or urgent action, it can be considered legitimate service communication.
I hope this clears up the confusion and thank you for taking security seriously.
Warm regards,
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.