Microsoft Boosts Outlook Security For iOS And Android

CloudMobile AppsMobilitySecurity

First update for Outlook mobile app adds passcode, encryption and remote app wipe features

Microsoft has moved to strengthen the security of Outlook for iOS and Android after a number of organisations, including the European Parliament, banned the use of the app over privacy concerns.

The first major update to the app since it launched two weeks ago improves the implementation of passcode policies, allows admins to remotely wipe the app, not the phone, and adds support for IMAP.

If an organisation requires users to set a password, they will not be able to access their mail until this is done, while Android supports a number of additional policies.

Security boost

Outlook app“On iOS devices, Outlook will check to make sure a passcode is properly set. In the event a passcode is not set, it will prompt users to set one up in iOS settings,” said Microsoft in a blog post. “Until the passcode is setup, the user will be unable to access Outlook.

“On Android devices, Outlook will enforce screen lock rules. Further, Google provides controls that allow Outlook to honor additional Office 365 and Exchange policies regarding password length and complexity requirements and the number of allowable screen-unlock attempts before wiping the phone. It will also encourage storage encryption if it is not enabled. Outlook will guide users through this process with a step-by-step walkthrough.”

Outlook for iPhone and iPad only works on devices running iOS 8 or later because encryption is enabled by default.

Admins can also limit the damage caused by a lost or stolen device by allowing them to remotely wipe the Outlook application – not the device – within seconds, removing sensitive data such as email, calendar and contact details.

New features

For the end user, Microsoft has worked to include a number of the most-requested features. Email accounts with providers that support IMAP can be synced to the application, which can even provide push-like notifications if the mail server supports IDLE. Other cosmetic enhancements include customised swipe gestures on Android and the ability to turn off conversation view on iOS.

Over the next few months, Microsoft has promised to add support for Microsoft Intune Mobile Device Management (MDM), local contact syncing and better localisation, while it will also move the Outlook cloud service from Amazon Web Services to Azure.

Earlier this month, a number of organisations reportedly banned the use of the app because it stored login credentials and user data in the cloud in order to issue notifications, rendering any password or encryption measures useless.

Security researchers also warned that the app allows users to connect to personal cloud storage services, presenting a range of security risks, and that an issue with ActiveSync meant that multiple iOS devices could not be distinguished from one another.

The issues appear to be caused by the fact that the Outlook app is based heavily on technology acquired in Microsoft’s acquisition of Accompli and has therefore inherited its privacy policy and several behaviours.

Microsoft has just acquired calendar app Sunrise in a bid to ‘reinvent’ the mobile calendar. It is likely that Sunrise’s technology will be incorporated into the Outlook app.

Do you know about Windows? Try our history quiz!

Read also :

Click to read the authors bio  Click to hide the authors bio