Forum Discussion
New Outlook opens security hole
Hello, We just tested the New Outlook and discovered that it allows users to add personal Gmail accounts to their Outlook profile. We have intentionally blocked 3rd party email services to prevent d...
The old outlook allows you to block via policy. The new outlook creates a connection to your gmail and syncs everything to Microsoft Cloud and the old policies do not apply. I am also trying to find a way to disable this feature.
Just an FYI, I am just in the process of testing the OWA polices which seem to apply to both Outlook on the Web and "New Outlook".
I have setup a test OWA policy:
New-OwaMailboxPolicy TestOWAPolicy
Then I disabled personal accounts:
Set-OwaMailboxPolicy -PersonalAccountsEnabled -$false -identity TestOWAPolicy
Then I applied the policy to a test user:
Set-CASMailbox email address removed for privacy reasons -OwaMailboxPolicy TestOWAPolicy
Just waiting for the policy to kick-in.
Here is the link for reference:
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/apply-or-remove-outlook-web-app-mailbox-policy
I have setup a test OWA policy:
New-OwaMailboxPolicy TestOWAPolicy
Then I disabled personal accounts:
Set-OwaMailboxPolicy -PersonalAccountsEnabled -$false -identity TestOWAPolicy
Then I applied the policy to a test user:
Set-CASMailbox email address removed for privacy reasons -OwaMailboxPolicy TestOWAPolicy
Just waiting for the policy to kick-in.
Here is the link for reference:
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/apply-or-remove-outlook-web-app-mailbox-policy
- Hello Robert,
I appreciate your response. I am very curious if this worked for you. Can you update us on the results?- Sorry for the late response, this did not work for me but I believe this will be the setting to control this access. Trying to get clarification from Microsoft.
- Hey. No reason to apologize. You're helping me out for free!
I am really hoping Microsoft has some clarity to offer. Hard to believe they unilaterally decided to allow personal email on all corporate networks without some kind of security controls for administrators.
