New Outlook opens security hole

Copper Contributor

Hello,

We just tested the New Outlook and discovered that it allows users to add personal Gmail accounts to their Outlook profile. We have intentionally blocked 3rd party email services to prevent data loss. We don't ever want an end user to be able to send out confidential corporate information with their personal email account. Is there no way to disable this 'feature' for our tenant? You are now effectively bypassing all the data loss prevention security we have put in place around email, including explicit blocks for Gmail and Yahoo on our firewall. 

24 Replies
Thanks for clarifying. Since the command is run at part of an OWA mailbox policy, I was afraid it would only work for Outlook on the web, and not the desktop software or perhaps the new desktop version. Thank you for sharing.

It seems this OWA policy only prevents adding new personal accounts to the New Outlook, but existing accounts will still work (tested).

What is even funnier, I can logout the account with the OWA policy enabled from New Outlook, add my Gmail account (policy not applied at this point) and then just add the initial account back. And all the accounts will just work, including Gmail.

 

Is there any policy to prevent users from removing their default accounts, so the OWA policy will be applied the whole time?

+1 for this request - to be honest we're not even sure how many or who but it would be great to be able to lock it down after the fact.
We have found this fails in some situations. for example, client clicking on a /msg file has the new Outlook Experience wizard pop up even though it used to just let you import / open .msg files. This registry key is not able to resolve all issues with stopping the new Outlook experience

Hello,
We got the new outlook recently in the client machines, We applied the OWA policy to block the personal email accounts in new outlook . The OWA policy is worked for hotmail and outlook.com, but not for gmail account. Also found another strange behavior that the policy is working as expected, when adding the gmail as a secondary account (My work account is a default one in new outlook),
However I can able to setup the gmail as a default account (Primary), seems to be the policy is not working in this scenario .

Is there any fix for this?