This content is part of the Essential Guide: Secure email servers on Exchange, Office 365 or both

Microsoft bolsters Outlook app security, Office cloud integrations

Although Microsoft added some PIN-level improvements to its Outlook mobile apps, addressing bigger-picture issues may take time.

IT pros who recently shunned the Outlook app due to security issues may want to give it a second look.

Microsoft added some new security controls to Outlook for iOS and Android apps after it was criticized for several security holes in the application, which came from Microsoft's Acompli acquisition. The company also bolstered its cloud storage partnerships for more cross-platform flexibility.

Outlook will enforce company email policies at the device level for users who need a password for email syncing, Microsoft said on its blog. On Apple iOS devices, users will be denied access to email in the Outlook app unless they set up a PIN first if required by Exchange ActiveSync. Devices that run iOS 8.0 or later come with built-in encryption which Outlook leverages to encrypt Outlook data.

For Google Android users, Outlook will enforce screen lock rules, as well as policies for password length, complexity and the total number of failed screen-unlocking attempts before the device is wiped.

Microsoft also improved the speed of remote wipes, which will take place in seconds. The wipes are app-level and can remove Outlook email, calendar, contacts and files data as well as Outlook cloud components and reset the app without affecting a user's personal information.

The company promised in the coming weeks and months to add support for Microsoft Intune mobile device management for the apps, and will move its cloud service from Amazon Web Services to Microsoft Azure.

Despite these improvements, the Outlook mobile apps still carry security risks outlined by observers upon their release last month, risks that led some IT admins to block them. For example, an Exchange ActiveSync client ID for an individual user is the same across all of that user's devices, and Microsoft can store user email credentials in the cloud.

The internal Microsoft expertise is being transferred to new guys who didn't have as much experience in these issues.
Bob O'Donnellanalyst, TECHnalysis Research LLC

Microsoft said in a comment on its blog that it is investigating how to enable different client IDs for devices.

Making the Outlook mobile apps enterprise-ready will take time and development, said Bob O'Donnell, founder and chief analyst at TECHnalysis Research LLC in Foster City, Calif.

"Microsoft is embedded within so many large businesses and is more sensitive to what they have to deal with," O'Donnell said. "[The Outlook mobile apps] were bought. The internal Microsoft expertise is being transferred to new guys who didn’t have as much experience in these issues."

Microsoft also bolstered its mobile Outlook offering with the acquisition of startup calendar app Sunrise. Once integrated, the app is expected to provide users with a more consistent experience between their calendar, other apps and the mobile Outlook app.

While the Sunrise and Acompli acquisitions represent an effort by Microsoft to improve the user experience for its product information management apps, it must work to make them more IT friendly, said Alan Lepofsky, vice president and principal analyst with Constellation Research in Toronto.

Enabling people to create silos between their work and personal information within these apps is one area Microsoft can improve, Lepofsky said.

Microsoft adds cloud storage integrations, partnerships

Microsoft also will add further integrations in Office with outside cloud storage services, beyond its partnership with Dropbox.

Native cloud storage integration has been added to Office iOS apps, so users can open, edit and save documents from locations like Box and iCloud directly in Office, Microsoft said in another blog post. Microsoft plans to add similar integrations for Office universal apps for Windows 10 and Office for Android in the future.

Box had partnered with Microsoft to access Office 365 files only through desktops.

Microsoft also launched a new Cloud Storage Partner Program that opens up connections between cloud storage vendors and Office Online. Under the program, these services can integrate Office Online directly into their own applications, so users can open, view and edit stored there in any browser.

Box, Citrix and are the first three vendors to partner with Microsoft on this program, with more to follow.

In some instances, suites of software from a single vendor can make the most sense for customers, but Microsoft's efforts to make it simpler for developers and users to integrate different platforms is a great thing, Lepofsky added.

Dig Deeper on EMM tools | Enterprise mobility management technology