If you keep up with all the news from Microsoft you’ve probably heard that Outlook for iOS and Android devices has been released, for free. If you are anything like me, you went and downloaded the app right away. I was initially very impressed with Outlook on my iPhone 5 (I didn’t test the Android version which is reportedly not as feature complete as the iOS version).
The launch comes less than two months after Microsoft acquired email app Acompli in early December, and the software maker is turning Acompli into Outlook mobile. Available for free in the App Store or Google Play, the new Outlook apps are identical to Acompli.
After digging deeper into this new mobile app from Microsoft we found that this service is storing the username and password on one of their cloud servers. Microsoft states that for performance reasons their servers make the connection to your local email server and then they push any new items to the user’s mobile device. Did you catch the important fact here? Microsoft is storing the usernames and passwords on their cloud server. Due to this one fact, no matter how much I enjoyed the new Outlook app, it is our opinion that Outlook for iOS/Android is not suitable for business use. It was a bit frustrating to not be prompted about this fact before configuring my work account in Outlook on my iPhone. It is just bad practice to be storing your username and password for your work email account on a foreign server. After I found out that they were storing my credentials I felt the need to change the password on my email account. I have a separate set of credentials for my email account compared to what I login to my workstation with. So only my email account is at risk. If you are using Exchange then the user would be using their Active Directory credentials which can give more access then to just email.
Here’s a link to a Microsoft blog article about the new Outlook for iOS/Android. Make sure to scroll down and read some of the comments from users and the replies from Microsoft techs.
If you want to block the Outlook mobile app from being able to connect to MDaemon’s ActiveSync server then we just need to create a simple blacklist entry. Here’s how to do it:
- Open the MDaemon GUI and click Setup | Mobile Device Management.
- Under the ActiveSync sub menu select Black List and then click the “New black list entry” button.
- From the “Add the following” drop down box select “Device Type” and in the field down below enter the word Outlook.
- Apply and OK the changes when you are done.
How can I tell if the black list entry is working?
We’ll need to look at some logging to ensure out black list entry is working as we expect it to. Open the AirSync.log file found in the C:\MDaemon\Logs\ folder. Do a search for “access denied”. Below is an example of what you are looking for to show that the device type has been black listed and denied from connecting to MDaemon.
150130 124959197 I [C3764199] 0x413100C0 Connection: 220.127.116.11 Method:POST User-Agent:Outlook-iOS-Android/1.0
150130 124959197 I [C3764199] 0x413100B8 Connection: Client Info: Outlook (B6292DBEFAEF6987)[14.0]
150130 124959198 D [C3764199] 0x413100BB Connection: Device Outlook is Blacklisted
150130 124959198 I [C3764199] 0x4131035A Handler: HTTP Status : 403/Access Denied
Will this black list entry stop Outlook 2013 from connecting to MDaemon?
No. Outlook 2013 is not affected by this black list entry. The device type of Outlook 2013 shows as “WindowsOutlook15” and will not match the black list entry we have created (unless we added a wild card).
What if my user has already downloaded the Outlook for iOS/Android app and configured it to connect to their email account?
When the user deletes the account there are three options to choose from. You can remove the account from the device only, or from the device and remote data, and Cancel. “Remote data” here is referring to your data cached on Acompli/Microsoft’s server. I have seen reports that there is still an active ActiveSync connection after the account has been removed. I’m assuming here that the caching server is still connecting to MDaemon. Ensure the user selects to remove the account from the device and remote data. This does not touch the user’s data held on the email server. Only the caching server from Acompli/Microsoft.
To remove an account from Outlook for iOS tap the Settings button in the bottom right hand corner, tap your account name, scroll down and tap Remove Account. Again ensure to select “From Device & Remote Data”.
As an extra precaution we recommend that any users who have connected to their account using Outlook for iOS/Android change their MDaemon account password.
If you have any questions please send us an email at firstname.lastname@example.org.