Yesterday Microsoft annouced the new app Outlook for iOS and Outlook for Android on the Office Blogs.
The apps are based on the former aquired company Acompli. So can we say “Horray!” and install the new app?
Well there might be some concerns in terms of security and legal dataprotection. What does this mean?
Here are some facts:
- the app stores your credentials in the cloud
- all communication goes over the service in AWS
- no Exchange ActiveSync policy is applied to the device. At least you will see a new seperated device
How do I know that the request came from AWS? Well I traced the IP address for the incoming request and looked it up
The new device details looks like this
Due to the fact that this could be really an issue in terms of security and dataprotection you could/should take the information provided above and block those devices:
New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Block
Some links:
blocking on F5 loadbalancer (this was for iOS6.1, but can be easily adopted)
Heise.de news
http://eightwone.com/2015/01/30/blocking-outlook-app-for-ios-android/
The clueless guy 