Outlook: Read-only access to contacts within a PST file in new Outlook for Windows

🚨 The Signal: New Outlook for Windows now supports read-only access to contacts within PST files. This expands legacy data access, potentially exposing unmanaged contact information previously siloed, increasing data sprawl risk.

The Impact

Users accessing PST files are affected, increasing the risk of unmanaged contact data exposure and data loss prevention challenges.

• End-users: May inadvertently expose sensitive contact data from old PSTs.
• Security Teams: Increased challenge in enforcing data loss prevention policies on unmanaged PST content.
• Compliance Teams: Difficulty in demonstrating adherence to data retention and privacy regulations for PST data.
• IT Administrators: Expanded attack surface due to more accessible legacy data files.

The Action

1. Review and update Data Loss Prevention (DLP) policies in Microsoft Purview to specifically address PST file content and sharing.
2. Communicate to end-users about the risks of storing sensitive information in PST files and proper data handling procedures.
3. Implement or reinforce policies for the secure disposal or migration of legacy PST files to managed M365 storage.
4. Monitor M365 usage reports for PST file access patterns to identify potential areas of unmanaged data.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps