Forum Discussion
New Outlook opens security hole
Hello, We just tested the New Outlook and discovered that it allows users to add personal Gmail accounts to their Outlook profile. We have intentionally blocked 3rd party email services to prevent d...
We just started trialling new Outlook and noticed this too. Our Office policy explicitly blocks any non-Exchange accounts, which classic Outlook respects, but new Outlook ignores. Be good to hear from Microsoft on this, hopefully it's just an oversight.
- We just had this reply from Microsoft support:
I checked with our escalations team, and the feature you are asking for, which is to prevent end users from adding their personal or third-party accounts is being developed. We do not have an exact ETA on when it will be rolled out, but it's a high priority item requested by other enterprise organizations, so hopefully soon.
In the meantime, the workaround to mitigate the security risks is to disable the new Outlook, either by hiding the toggle switch, restricting mailbox connections, or both.
Hope the provided information has addressed your concern,
Regards!While we wait for Microsoft to provide a way to block 3rd party email from being added by end users, we were able to completely disable New Outlook following the steps in this article:
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/enable-disable-employee-access-new-outlookWe also deployed a registry change to end users with PowerShell to remove the button from Outlook. Run in user context because the key is HKCU
Set-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\office\16.0\Outlook\Options\General' -Name "HideNewOutlookToggle" -Value 1- We have found this fails in some situations. for example, client clicking on a /msg file has the new Outlook Experience wizard pop up even though it used to just let you import / open .msg files. This registry key is not able to resolve all issues with stopping the new Outlook experience
