Outlook: Read-only access to calendars within a PST file in new Outlook for Windows

🚨 The Signal: New Outlook for Windows now supports read-only access to calendar data within PST files. This expands PST file utility but also increases the potential for data sprawl and unmanaged information.

The Impact

All users are affected, increasing the risk of data exfiltration and unmanaged data exposure from legacy PST files.

• End Users: Increased risk of inadvertently exposing sensitive calendar data stored in PSTs.
• Security Teams: Greater challenge in monitoring and preventing data exfiltration via PST files.
• Admins: More complex data discovery and eDiscovery processes due to expanded PST file usage.
• Compliance Teams: Difficulty in enforcing data retention policies on unmanaged PST content.

The Action

1. Review and update existing data loss prevention (DLP) policies to specifically address PST file content and sharing.
2. Communicate to users the risks associated with storing sensitive information in PST files and encourage migration to M365.
3. Implement or reinforce policies for identifying and migrating legacy PST files to M365 services like Exchange Online archives.
4. Utilize Microsoft Purview eDiscovery tools to identify and manage PST files across the environment.
5. Consider Group Policy or Intune settings to restrict the creation or use of PST files where not explicitly required.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps