Outlook: Insert Graphic

🚨 The Signal: New Outlook feature allows users to insert emojis, stock photos, and stickers directly into emails. This introduces potential for increased data egress and content policy violations.

The Impact

All users are affected, increasing the risk of data exfiltration and policy violations through embedded graphics.

• End users: Increased risk of inadvertently sharing sensitive information via images.
• Security team: New vector for data exfiltration and policy violations to monitor.
• Compliance team: Potential for non-compliant content distribution via email.
• IT administrators: Need to review and update content filtering and DLP policies.

The Action

1. Review existing Microsoft Purview Data Loss Prevention (DLP) policies for Exchange Online to ensure they cover image content.
2. Consider creating new DLP rules to detect and block specific types of images or image content that violate organizational policy.
3. Update acceptable use policies to explicitly address the use of embedded graphics in email communications.
4. Communicate updated policies and best practices to end-users regarding appropriate content for email.

Impact: medium · Workload: Exchange Online