Outlook: Offline Support for Calendar - Create, Edit and Delete Event support

🚨 The Signal: New Outlook for Windows now supports offline creation, editing, and deletion of calendar events. This expands local data caching, increasing the attack surface for sensitive scheduling information if devices are compromised.

The Impact

End users are affected by increased local data storage, posing a risk of sensitive calendar data exposure if devices are compromised.

• End users: Sensitive calendar data is now cached locally, increasing exposure risk on lost or compromised devices.
• Security teams: Increased local data storage complicates data exfiltration monitoring and incident response.
• Admins: Device security posture becomes more critical due to expanded local data footprint.

The Action

1. Review and enforce Microsoft Intune device compliance policies for Windows endpoints, focusing on encryption and access controls.
2. Verify Microsoft Defender for Endpoint is deployed and configured for real-time monitoring and data loss prevention on all Windows devices.
3. Communicate to end-users the importance of device security and reporting lost or stolen devices promptly.
4. Assess existing Microsoft Purview Data Loss Prevention (DLP) policies for sensitive information types that may appear in calendar entries.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps