Outlook: Forward as attachment emails in a PST file in new Outlook for Windows

🚨 The Signal: New Outlook for Windows now allows forwarding emails from PST files as attachments. This increases the potential for sensitive data exfiltration and uncontrolled data sprawl outside of M365 governance boundaries.

The Impact

All users are affected, and the change increases the risk of sensitive data leaving controlled M365 environments.

  • End users: Increased risk of inadvertently sharing sensitive data from PSTs.
  • Security teams: Harder to track and control sensitive data movement.
  • Compliance teams: Greater challenge in meeting data retention and privacy obligations.
  • Admins: New vectors for data exfiltration to monitor and mitigate.

The Action

  1. Review and strengthen Microsoft Purview Data Loss Prevention (DLP) policies to detect PST files and sensitive information within them.
  2. Implement or refine Microsoft Purview Information Protection (MIP) sensitivity labels for PST files and email attachments.
  3. Educate users on the risks of sharing sensitive information from PST files and the proper channels for data sharing.
  4. Monitor M365 audit logs for unusual activity related to PST file access and sharing in New Outlook.
  5. If PST files are not business-critical, consider blocking their use in New Outlook via Intune or Group Policy.

Domain: Purview · Impact: high · Workload: Exchange Online