Outlook: Auto-Export mailbox to PST file in new Outlook for Windows

🚨 The Signal: New Outlook for Windows allows users to schedule automatic mailbox exports to PST files. This increases data exfiltration risk and complicates data governance and eDiscovery, requiring updated data loss prevention (DLP) strategies.

The Impact

All users are affected, increasing the risk of uncontrolled data proliferation and exfiltration.

• End Users: Increased ability to exfiltrate sensitive data.
• Security Teams: New vector for data loss and compliance breaches.
• Data Governance: Challenges in maintaining data residency and control.
• Legal/eDiscovery: Unmanaged PSTs complicate legal hold and discovery.

The Action

1. Review and update existing Data Loss Prevention (DLP) policies in Microsoft Purview to detect and block PST exports.
2. Implement or refine Endpoint DLP policies to prevent PST files from being moved to unmanaged locations or external media.
3. Educate users on acceptable data handling practices and the risks associated with local data storage.
4. Assess the need for Group Policy Objects (GPOs) or Intune policies to restrict PST export functionality in New Outlook, if available.
5. Monitor audit logs for PST export activities, especially for sensitive mailboxes.

Domain: Purview · Impact: high · Workload: Exchange Online · Essential Eight: Regular Backups · ISM: ISM-1511, ISM-1515, ISM-1705, ISM-1706, ISM-1707, ISM-1708, ISM-1810, ISM-1811, ISM-1812, ISM-1813, ISM-1814