Great News! Outlook Mobile no longer stores your credentials on Microsoft’s servers

Before becoming Outlook Mobile, the current official Microsoft iOS and Android email app was called Acompli, and it featured some revolutionary email features at the time, but at a price.

Then the app offered a Focussed Inbox, but it did this by storing your email and password on its own servers and using this to access your inbox and do scanning and sorting on their servers.

Microsoft inherited that architecture (above) which used a proprietary REST API to communicate with an Azure server, which then accessed the email servers where your actual email was. This made many nervous, including the US government, who would not let government workers use the Outlook Mobile apps.

Starting last month Microsoft started moving to a direct connection which took Microsoft out of the loop.

On their support site Microsoft writes:

Beginning in December 2018, Microsoft will migrate customers to a native Microsoft sync technology that removes the Stateless Protocol Translator component from the Office 365-based architecture. With the native Microsoft sync technology, Outlook for iOS and Android connects directly to Office 365 for data connections ensuring the data is protected by an HTTP TLS-secured connection end-to-end.

The move had several advantages including:

  1. Eliminates middle tier services: Data synchronization with the native Microsoft sync technology occurs between the app and Office 365, eliminating the need for any middle tier services.

  2. Latency reduction: By replacing the proprietary Outlook device API and Stateless Protocol Translator, there is a reduction in end-to-end latency between the app and Office 365.
  3. Additional Office 365 instance support: Removing the intermediary Stateless Protocol Translator for data connections enables Microsoft to support other unique Office 365 instances, like Office 365 Government Community Cloud High and Office 365 Department of Defense, that were previously blocked from using Outlook for iOS and Android.
  4. Protocol consolidation: Today, each Outlook client platform utilizes a different data sync protocol, which hinders the ability to innovate and deploy new features quickly across all Outlook clients. The native Microsoft sync technology that Outlook for iOS and Android is adopting has been in use by the native Windows 10 mail client for a number of years, and in the future, will be used by Outlook for Mac.

  5. Unlocking new features: The native Microsoft sync technology will enable Outlook for iOS and Android to take advantage of native Office 365 features it does not support today, such as S/MIME, Microsoft Information Protection labeling, and shared mailboxes. These and more Office 365 features will roll out soon after the architecture update.

Removing the man in the middle has already paid off, with the Outlook Mobile app meeting the security and compliance needs of Office 365 US Government Community Cloud (GCC) High and Department of Defense customer.  Microsoft says the Outlook Mobile apps now meets the requirements for GCC High and DoD, DISA SRG Level 4 (GCC-High) and Level 5 (DoD), Defense Federal Acquisition Regulations Supplement (DFARS), and International Traffic in Arms Regulations (ITAR), have been approved by a third-party assessment organization and are FISMA compliant based on the NIST 800-53 rev 4.

Read much more detail about the improvements here, and about the use in DoD applications here.

Via ZDNet

Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.

Related
Comments