IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft working to fix Outlook encryption flaw

The company said it will be finding a solution to the iOS and Android bugs causing corporate data policies to be ignored

Microsoft is developing a solution to an encryption flaw in the Outlook Android and iOS apps that cause some devices to ignore IT department passwords and policies, including encryption.

The company said additional features will be rolled out in the next few months to heighten security for corporate IT departments, including the addition of PIN lock and new Exchange ActiveSync policies.

Dirk Sigurdson, director of engineering at Rapid 7's Mobilisafe uncovered the flaw, and demonstrated how encryption policies are being ignored on some mobile devices.

Sigurdson explained in a blog: "[With Outlook for Android and iOS] any ActiveSync policy defined on the server is completely ignored. Your company can define a sophisticated passcode or encryption policy that will have absolutely no impact on devices if this new email client is used by your employees. There are other potential security issues with Outlook as well, but this one I think is the most egregious.

"If your organisation is dependent on ActiveSync policies in anyway you should immediately block ActiveSync access to Outlook for iOS and Android," he advised.

Another security blogger, Rene Winkelmeyer, warned of a number of other corporate security flaws in the Outlook apps when they were first released in January. He explained that Microsoft allows users to share corporate mail attachments with personal accounts, share ActiveSync IDs across a single user's devices and shares these credentials with Microsoft.

"The only advice I can give you at this stage is: block the app from accessing your companies [sic] mail servers. And inform your users that they shouldn't use the app," he explained.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022
Microsoft warns of new botnet variant targeting Windows and Linux systems
Security

Microsoft warns of new botnet variant targeting Windows and Linux systems

16 May 2022
How to reinstall Windows 10 without losing data
Microsoft Windows

How to reinstall Windows 10 without losing data

13 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022