Outlook: Create and save email templates in the new Outlook for Windows

🚨 The Signal: New Outlook for Windows now supports creating and importing email templates. This streamlines repetitive communications but introduces a new vector for information leakage and phishing, as users can easily share and reuse potentially sensitive or malicious content.

The Impact

All users are affected: easily shareable templates increase the risk of data leakage, phishing, and non-compliant communication.

  • End Users: Increased risk of inadvertently sharing sensitive data via templates.
  • Security Teams: New vector for phishing and malware distribution via malicious .oft templates.
  • Compliance Teams: Challenges in enforcing communication standards and data handling policies.
  • Admins: Need to consider new DLP policies for template content and sharing.

The Action

  1. Review and update existing Data Loss Prevention (DLP) policies in Microsoft Purview to include email template content.
  2. Educate users on the secure creation, use, and sharing of email templates, emphasizing data sensitivity.
  3. Implement communication governance policies for template content, focusing on branding and legal disclaimers.
  4. Monitor for unusual template sharing patterns or template-based phishing attempts using Microsoft Defender for Office 365.
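
A starting point for step 4, as an added example that is not part of the original notice or a Microsoft-supplied query: a Defender XDR advanced hunting query (KQL) over the EmailAttachmentInfo and EmailEvents tables that surfaces .oft attachments that Defender flagged, that arrived from outside the tenant, or that one sender sent to many recipients. The 30-day lookback and the fan-out threshold of 10 recipients per day are assumptions to tune.

```kusto
// Added example: hunt for .oft template attachments in mail flow.
let lookback = 30d;          // assumption: adjust to your data retention
let fanout_threshold = 10;   // assumption: recipients per sender per day treated as unusual
EmailAttachmentInfo
| where Timestamp > ago(lookback)
| where FileName endswith ".oft"          // endswith is case-insensitive in KQL
| join kind=inner (
    EmailEvents
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, RecipientEmailAddress, EmailDirection,
              SenderFromDomain, DeliveryAction
  ) on NetworkMessageId, RecipientEmailAddress
| summarize
    Messages          = dcount(NetworkMessageId),
    Recipients        = dcount(RecipientEmailAddress),
    AttachmentHashes  = make_set(SHA256, 20),
    FlaggedByDefender = countif(isnotempty(ThreatTypes)),
    Delivered         = countif(DeliveryAction == "Delivered")
    by SenderFromAddress, SenderFromDomain, EmailDirection, Day = bin(Timestamp, 1d)
// Label why each row is worth a look; rows with no reason are dropped.
| extend Reason = case(
    FlaggedByDefender > 0,           "Defender verdict on template attachment",
    EmailDirection == "Inbound",     "Template received from outside the tenant",
    Recipients >= fanout_threshold,  "High fan-out template sharing",
    "")
| where isnotempty(Reason)
| order by Day desc, Recipients desc
```

This query only sees templates sent as mail attachments; templates shared through file shares or chat need separate coverage.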

Domain: M365-Apps · Impact: medium · Workload: M365 Apps