Outlook: open attachments while offline in the new Outlook for Windows

🚨 The Signal: New Outlook for Windows now allows offline access to email attachments. This increases the risk of sensitive data exfiltration or exposure from endpoints, even without an active internet connection.

The Impact

All users are affected, increasing the risk of sensitive data residing unencrypted on endpoints and potential exfiltration.

• End users: Increased risk of sensitive data stored locally on devices.
• Security Team: Greater challenge in monitoring and controlling data at rest.
• Admins: Need to re-evaluate endpoint data protection policies.
• Organisations: Higher risk of data loss or compromise from offline devices.

The Action

1. Review and enforce Microsoft Intune App Protection Policies (APP) for Outlook for Windows to encrypt data at rest and control saving to local storage.
2. Implement or strengthen Windows Information Protection (WIP) policies to prevent data leakage from corporate applications.
3. Ensure Microsoft Defender for Endpoint is deployed and configured for all devices to monitor and alert on suspicious file activities.
4. Educate users on the risks of storing sensitive information locally and best practices for handling attachments.
5. Review Microsoft Purview Data Loss Prevention (DLP) policies to ensure they cover data at rest on endpoints where possible.

Domain: M365-Apps · Impact: high · Workload: M365 Apps