Accounts with a cloud-based username/password are directed to an Office 365 sign-in page accounts with an Active Directory Federation Services (ADFS)–based username/password are directed to the ADFS sign-in page. The new authentication procedure uses Active Directory Authentication Library (ADAL)–based authentication. This could mean your credentials were stored in a Microsoft–run cloud service that resided inside Amazon Web Services.Īs of a June 2015 update, Office 365 Exchange now uses OAuth in the Outlook app, removing the possibility that Office 365 credentials will be stored. In the original release of the Outlook app for iOS and Android, authentications against Office 365 Exchange used basic authentication. The worst-case scenario is that the user has to set up the Outlook app again. The remote wipe doesn’t reset the device back to a factory condition it selectively wipes the Outlook app and all data in the Outlook cloud service. In a BYOD environment, this is a good thing. If a remote wipe becomes necessary, the Outlook app is going to be wiped on every device the end user has connected.īut, that’s also the benefit of this architecture in my book: only the Outlook for iOS and Android app gets wiped out. And, unfortunately, there’s not a good answer for that. The obvious risk here is that, if an end user loses his/her device, you can’t identify it because all of the devices appear as a single device. Because of this architecture, Outlook for iOS and Android will always show up as one device with one ActiveSync ID regardless of the number of devices an end user has connected. The Outlook for iOS and Android app depends on a back-end cloud service to check for mail and send push notifications to the device. Shared Exchange ActiveSync ID and device type With AD RMS or Azure RMS in place, IT doesn’t need to care where files get saved because they’re protected regardless of storage location. If a file is protected by RMS and saved to a public folder on a cloud storage location, only the authorized employees in the organization can open the file. RMS protects the file itself based on its content and rules that the organization writes. It is available in both an on-premises version (Active Directory Rights Management Services ) and a cloud version (Azure Rights Management ). What’s the solution? Microsoft’s solution to protecting data is Rights Management Service (RMS). Even if you block every one of these services at the corporate network border, employees will bring in USB drives, access them when off the corporate network on a laptop, or find other creative ways around the security measures. Here’s the problem: how much control do you have over that now? The proliferation of cloud services has made blocking them at the border nearly impossible-especially when those are the services that people want to use or if they have to work with other organizations (such as customers) that do use these services.
You might think that this is a huge nightmare for protecting company data-especially if you’re dealing in credit card numbers, social security numbers, or other personally identifiable information (PII). The risk with allowing an end user to connect to any of these services is that users can easily save email attachments from their corporate email account into one of these services, outside the control of corporate IT. As of the publication of this article, the Outlook app for iOS and Android allows a user to connect to OneDrive (consumer), Dropbox, Box, or Google Drive.Īdding a file storage location in the Outlook for iOS app