Outlook: Import calendars and contacts from PST file to mailbox in new Outlook for Windows

🚨 The Signal: New Outlook for Windows now supports importing calendars and contacts from PST files. This reintroduces a legacy data ingestion vector, potentially bypassing modern data governance and increasing data sprawl risks.

The Impact

All users are affected by the reintroduction of PST import, increasing the risk of unmanaged data and potential data exfiltration.

• End users: Can import unmanaged data, increasing personal data sprawl.
• Security teams: Face increased risk of unmanaged data ingress and potential exfiltration.
• Compliance teams: May struggle with eDiscovery and data retention for newly imported PST content.
• IT administrators: Need to manage potential support requests related to PST imports and data integrity.

The Action

1. Review existing Exchange Online Mailbox Import Export role assignments for least privilege.
2. Communicate to users about approved methods for data migration and the risks of importing unmanaged PSTs.
3. Monitor Exchange Online audit logs for MailboxImportExport role usage and PST import activities.
4. Consider implementing or reinforcing data loss prevention (DLP) policies to detect sensitive information within imported PST content.

Domain: Exchange · Impact: high · Workload: Exchange Online