Outlook App for iOS & Android

Yesterday Microsoft annouced the new app Outlook for iOS and Outlook for Android on the Office Blogs.

The apps are based on the former aquired company Acompli. So can we say “Horray!” and install the new app?

Well there might be some concerns in terms of security and legal dataprotection. What does this mean?

Here are some facts:

  • the app stores your credentials in the cloud
  • all communication goes over the service in AWS
  • no Exchange ActiveSync policy is applied to the device. At least you will see a new seperated device

How do I know that the request came from AWS? Well I traced the IP address for the incoming request and looked it up

IPLocation

The new device details looks like this

OLiOS

Due to the fact that this could be really an issue in terms of security and dataprotection you could/should take the information provided above and block those devices:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Block

Some links:

blocking on F5 loadbalancer (this was for iOS6.1, but can be easily adopted)

Heise.de news

http://eightwone.com/2015/01/30/blocking-outlook-app-for-ios-android/

https://blog.winkelmeyer.com/2015/01/warning-microsofts-outlook-app-for-ios-breaks-your-company-security/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s