With the launch of the new Outlook Mobile App into the Apple and Android stores, there are a number of new security concerns from the Microsoft Exchange community. Perhaps the gravest concern for those using the new App are that Microsoft stores email credentials in, and transfers company email data through the cloud (initially Amazon Web Services). That "may" be fine for companies already using the Microsoft and Amazon clouds, but for many security conscious organizations it's not approved and may be a violation of their security policies.
For organizations that want to block or quarantine the app from connecting to their Exchange or Office 365 environments until it can be further evaluated, we’ve included the steps below.
Read more news about organizations blocking the Outlook Mobile App with a quick google search. Here are the first two from our search:
- University of Wisconsin: http://www.news.wisc.edu/23479 (Security alert issued for Outlook mobile app)
- EU Parliament: http://www.theregister.co.uk/2015/02/12/eu_parliament_banning_outlook_app (EU parliament bans Outlook app over cloudy security)
Controlling Exchange device access using the ActiveSync Allow/Block/Quarantine list
- Log in to the Exchange Control Panel (ECP) (https://yourdomain/ecp or https://yourdomain/owa and select Options > See all options)
- In ECP, make sure you are managing My Organization. Be aware that user accounts that are not Exchange Admins won't see the "My Organization" option
- Select Phone & Voice> ActiveSync Access tab. This is the Allow/Block/Quarantine configuration screen.To create a new rule, select New from the Device Access Rules section.
- It's important to note that when making a new rule that you select the device family or the model, but not both. The Outlook app is identified in ActiveSync management screens with the device family “outlook-iOS-Android/1.0”
- Select to Block or Quarantine devices of the selected family when trying to connect.