Blocking the Outlook app for android and IOS

The newly released Outlook app for IOS and Android has some pretty different behavior from the usual stock email clients, and incorporates some pretty serious security and privacy risks. There is a comprehensive writeup here that i heartily recommend for anyone interested in the inner workings. The short summary is:

  • Your data will be copyed to a cloud service without any real warning or visibility
  • Your account will be accessed by said service to retrieve and re-distribute your email (meaning they will at some level store your credentials

The only sane advice is to block this client from corporate exchange servers, to prevent a gaping security hole and potential data leak. Luckily, such a block can simply be archived by adding the following rule from the Exchange power shell (Exchange 2010+)

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Block