Sharing of Mail Account password or credentials with Microsoft Servers by Outlook Mobile apps on iOS

Copper Contributor

When a mail account (not on Microsoft services like Outlook or Office365) is configured on the Microsoft Outlook app for iOS or Android, does the Outlook app also make the mail account accessible to Microsoft Servers for Push Notifications or otherwise.

If so, it makes the security of mail account suspect particularly in case of corporate mail accounts which have strict policies of not sharing or connecting their mail server credentials as well as mail content to or through any third party which may include Microsoft.

Or is it that the Microsoft Outlook App connects directly with the mail servers and other Microsoft Servers are not in the picture.

3 Replies

The Outlook phone app only links to the mail servers that are associated with the account added to the app. They are not funneled through anywhere else.

This is how all mail apps that I've ever used work and Outlook is not an exception.

As per my information (I may be wrong), Outlook App connects to the mail account server (for non Exchange or Outlook based mail accounts of third party mail providers including corporate mail providers) and then passes on some hash keys (or suitable authentication credentials) for the same mail account to the Microsoft servers as well.

Microsoft servers then poll the mail account regularly/ periodically and generate push mail notifications on the Outlook app on the mobile device. Without this polling and sending of push notification by Microsoft Servers, the push notification would not happen on IMAP mail accounts which are not Exchange or Outlook based.

This is not required in case of Exchange or Outlook based mail accounts since the Exchange based mail accounts automatically send push notifications to the client devices.

Kindly confirm whether I am correct in understanding.

I think I have not explained the issue properly. Kindly consider the following explanation for clarity.

 

Push notifications to my mind are not a purely client feature.

 

For example, push notifications are generated by Whatspp, facebook etc type apps using the servers of Google and Apple respectively. Push notifications are pushed to the client devices without any action of fetch from the client device. That is why, you get an instant intimation of new WhatsApp and Facebook message.

 

Similarly, Push notifications for mails are also not entirely client features. They cannot function without the server supporting it- and perhaps having an intermediary like Microsoft or Apple. If this were not so, then all mail providers would be able to support Push, which they do not as can be seen readily. Gmail currently does not support Push in its free version.

 

You may refer to:

https://en.wikipedia.org/wiki/Push_technology 

 

 

All mail clients are capable of generating notifications for new mail. The mail notifications are of two types- Push notifications and notifications generated through periodic fetch/ Pull by the mail client. The exchange and Outlook mail accounts support Push notifications, while Gmail and most or the other mail accounts only support the periodic fetch and pull by the mail client and they do not support Push. The mail client when connecting to Outlook/ Exchange mail accounts would be able to generate Push notifications because the mail account itself supports it. 

 

However, if the mail account (like Gmail) does not support Push, then the notifications for new mail will be generated only when the mail client fetches new mail from the mail server either triggered by the user or at pre-defined periodicity.

 

What I meant is that the iOS or Android Outlook mail client generates Push notifications even on Gmail and other and not Push notifications.

 

Since, Outlook mail client for Android or iOS generates Push notifications (and not fetch), even on accounts like Gmail, it supports the idea that these Push notifications are generated through Microsoft Servers. This is not desirable since then the Microsoft servers would also have access to the mail content of third party mail providers.

 

As per my information (I may be wrong), Outlook App connects to the mail account server (for non Exchange or Outlook based mail accounts of third party mail providers including corporate mail providers) and then passes on some hash keys (or suitable authentication credentials) for the same mail account to the Microsoft servers as well.

 

Microsoft servers then poll the mail account regularly/ periodically and generate push mail notifications on the Outlook app on the mobile device. Without this polling and sending of push notification by Microsoft Servers, the push notification would not happen on IMAP mail accounts which are not Exchange or Outlook based.

 

This is not required in case of Exchange or Outlook based mail accounts since the Exchange based mail accounts automatically send push notifications to the client devices.