Outlook: Account Manager

🚨 The Signal: Outlook's new Account Manager allows users to view profile details and add accounts. This feature could expose internal account structures and increase the risk of unauthorized account additions if not properly governed.

The Impact

All users are affected, with a moderate security risk of unauthorized account additions and information disclosure.

  • End users: Risk of inadvertently adding unauthorized accounts.
  • Security teams: Increased complexity in monitoring account provisioning.
  • Admins: Potential for misconfiguration leading to account sprawl.
  • Compliance teams: Challenges in demonstrating adherence to identity management policies.

The Action

  1. Review Entra ID Conditional Access policies for account provisioning.
  2. Audit existing user permissions for adding new accounts to M365.
  3. Tell users which methods for adding accounts are approved.
  4. Monitor audit logs for new account additions via Outlook.

Domain: Entra · Impact: medium · Workload: M365 Apps