This content is part of the Essential Guide: Secure email servers on Exchange, Office 365 or both
News Stay informed about the latest enterprise technology news and product updates.

Microsoft bolsters Outlook app security, Office cloud integrations

Although Microsoft added some PIN-level improvements to its Outlook mobile apps, addressing bigger-picture issues may take time.

IT pros who recently shunned the Outlook app due to security issues may want to give it a second look.

Microsoft added some new security controls to Outlook for iOS and Android apps after it was criticized for several security holes in the application, which came from Microsoft's Acompli acquisition. The company also bolstered its cloud storage partnerships for more cross-platform flexibility.

Outlook will enforce company email policies at the device level for users who need a password for email syncing, Microsoft said on its blog. On Apple iOS devices, users will be denied access to email in the Outlook app unless they set up a PIN first if required by Exchange ActiveSync. Devices that run iOS 8.0 or later come with built-in encryption which Outlook leverages to encrypt Outlook data.

For Google Android users, Outlook will enforce screen lock rules, as well as policies for password length, complexity and the total number of failed screen-unlocking attempts before the device is wiped.

Microsoft also improved the speed of remote wipes, which will take place in seconds. The wipes are app-level and can remove Outlook email, calendar, contacts and files data as well as Outlook cloud components and reset the app without affecting a user's personal information.

The company promised in the coming weeks and months to add support for Microsoft Intune mobile device management for the apps, and will move its cloud service from Amazon Web Services to Microsoft Azure.

Despite these improvements, the Outlook mobile apps still carry security risks outlined by observers upon their release last month, risks that led some IT admins to block them. For example, an Exchange ActiveSync client ID for an individual user is the same across all of that user's devices, and Microsoft can store user email credentials in the cloud.

The internal Microsoft expertise is being transferred to new guys who didn't have as much experience in these issues.
Bob O'Donnellanalyst, TECHnalysis Research LLC

Microsoft said in a comment on its blog that it is investigating how to enable different client IDs for devices.

Making the Outlook mobile apps enterprise-ready will take time and development, said Bob O'Donnell, founder and chief analyst at TECHnalysis Research LLC in Foster City, Calif.

"Microsoft is embedded within so many large businesses and is more sensitive to what they have to deal with," O'Donnell said. "[The Outlook mobile apps] were bought. The internal Microsoft expertise is being transferred to new guys who didn’t have as much experience in these issues."

Microsoft also bolstered its mobile Outlook offering with the acquisition of startup calendar app Sunrise. Once integrated, the app is expected to provide users with a more consistent experience between their calendar, other apps and the mobile Outlook app.

While the Sunrise and Acompli acquisitions represent an effort by Microsoft to improve the user experience for its product information management apps, it must work to make them more IT friendly, said Alan Lepofsky, vice president and principal analyst with Constellation Research in Toronto.

Enabling people to create silos between their work and personal information within these apps is one area Microsoft can improve, Lepofsky said.

Microsoft adds cloud storage integrations, partnerships

Microsoft also will add further integrations in Office with outside cloud storage services, beyond its partnership with Dropbox.

Native cloud storage integration has been added to Office iOS apps, so users can open, edit and save documents from locations like Box and iCloud directly in Office, Microsoft said in another blog post. Microsoft plans to add similar integrations for Office universal apps for Windows 10 and Office for Android in the future.

Box had partnered with Microsoft to access Office 365 files only through desktops.

Microsoft also launched a new Cloud Storage Partner Program that opens up connections between cloud storage vendors and Office Online. Under the program, these services can integrate Office Online directly into their own applications, so users can open, view and edit stored there in any browser.

Box, Citrix and are the first three vendors to partner with Microsoft on this program, with more to follow.

In some instances, suites of software from a single vendor can make the most sense for customers, but Microsoft's efforts to make it simpler for developers and users to integrate different platforms is a great thing, Lepofsky added.

Dig Deeper on EMM tools | Enterprise mobility management technology

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Do recent changes to Outlook apps and Office storage partners make you more likely to consider Microsoft?
I've been testing this app for wide spread use in my organization.  Thus far, I'm not impressed.  It crashes often, lacks key features like no subfolder automatic updates or notification.  I've submitted more bug reports than anything else while trying to use this app.  My organization is currently using cloud based email with Microsoft O365.  We need an app that's easy to setup for less technically inclined workers which this app does seem to do.
While the recent updates and changes to Microsoft's Outlook apps and Office  storage partners seem enticing, they are not enough to make my company switch to the Microsoft systems. My company has been working almost exclusively in a Mac OS and iOS system, including iCloud storage. The cross platform capabilities allow us to interact with vendors and clients so we have no need to switch over to Microsoft at this time.
No. Those who now use MS will stick with it, mostly shrugging at these latest updates. Those how don't will see no compelling reason to switch.

This same question could have been asked along ago, over and over, based on any number of different sets of updates. I've never seen any individuals compelled to change from their current platform, I've never seen a company so enthralled to consider switching everyone.
As a company that has mandated Outlook, we'll be using it, but I don't see it necessarily winning any new converts. Outlook is in many ways the tool you use because you have to. I'm one of the people who has to use it.
Regardless of recent changes I personally like them. Mainly because of the ease of use, intuitiveness and less complications.  
The fear of lack of app security has reached to an extent where Microsoft Office Outlook’s app had to be banned from usage !

The European Parliament has now blocked Outlook Mobile App for all types of smartphones at various organisations, companies and institutions. It was found that that data and user credentials are being stored in the cloud, bypassing a number of security policies. Users were also further recommended that they delete the app from their device and change their password.

Our Chief Security Scientist at @Appknox ( himself has discovered several threats in applications made my Microsoft.
I think Microsoft will clear the ActiveSync client ID replication issue. In regards to Office, cloud partnership with Citrix, Box,, suggests added cross-platform flexibility.