Outlook: Read-only access to calendars within a PST file in new Outlook for Windows

🚨 The Signal: New Outlook for Windows now supports read-only access to calendars within PST files. This expands the attack surface for data exfiltration and introduces new discovery challenges for sensitive information stored locally.

The Impact

End users and security teams face an increased risk of sensitive calendar data residing in unmanaged local PST files, which complicates data governance.

  • End Users: May store sensitive calendar data locally, increasing exfiltration risk.
  • Security Teams: New challenge for data discovery and preventing sensitive data sprawl.
  • Compliance Teams: Increased difficulty in meeting data retention and eDiscovery obligations.

The Action

  1. Review existing data governance policies regarding PST file usage and local data storage.
  2. Communicate updated PST file handling guidelines to end users, emphasizing cloud storage.
  3. Evaluate Microsoft Purview Data Loss Prevention (DLP) policies for local file scanning and PST file content.
  4. Consider implementing or reinforcing Group Policies to restrict PST file creation or network share usage.
  5. Assess eDiscovery strategies to include local PST files in data collection efforts.
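
For the local-file discovery in steps 3 and 5, an added example (not part of the original notice and not Microsoft tooling) that inventories PST files by their header rather than by extension, so renamed PST files are still found. It assumes the header layout from Microsoft's published PST format ([MS-PST]): magic bytes !BDN at offset 0, client signature SM at offset 8, and a version field at offset 10; the function names and sample files are constructed for illustration.

```python
import os
import struct
import tempfile

PST_MAGIC = b"!BDN"   # dwMagic at offset 0 (assumed per [MS-PST] header layout)
CLIENT_PST = b"SM"    # wMagicClient at offset 8; OST files carry a different value

def classify_pst(path):
    """Return 'ansi', 'unicode', or None if the header is not a PST header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(12)
    except OSError:
        return None   # unreadable or locked file: skipped here
    if len(head) < 12 or head[:4] != PST_MAGIC or head[8:10] != CLIENT_PST:
        return None
    (w_ver,) = struct.unpack_from("<H", head, 10)
    if w_ver in (14, 15):
        return "ansi"
    return "unicode" if w_ver >= 23 else None

def find_psts(root):
    """Walk root and report PST files by content, not by file extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = classify_pst(full)
            if kind:
                hits.append({"path": full, "format": kind,
                             "size": os.path.getsize(full),
                             "renamed": not name.lower().endswith(".pst")})
    return sorted(hits, key=lambda h: h["path"])

def build_sample_tree(root):
    """Constructed sample files: header stubs only, not real mailboxes."""
    def stub(w_ver):
        return (PST_MAGIC + b"\x00" * 4 + CLIENT_PST
                + struct.pack("<H", w_ver) + b"\x00" * 500)
    samples = {"archive.pst": stub(23), "old.pst": stub(14),
               "notes.bak": stub(23), "fake.pst": b"not a pst" * 10}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_psts(tmp):
            print(hit)
```

The "renamed" flag marks PST content stored under another extension, which extension-based inventories miss.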

Impact: medium · Workload: M365 Apps