Outlook: All Accounts view (Unified Inbox) brings your email into a single inbox view

🚨 The Signal: New Outlook's 'All Accounts' view unifies multiple email inboxes, including personal and work, into a single interface. This centralises email triage but increases the risk of data spillage and misdirected communications if not managed carefully.

The Impact

All users are affected, increasing the risk of accidental data exposure and misdirected communications across personal and work accounts.

• End users: Increased risk of sending sensitive work data to personal contacts.
• Security teams: New challenge in preventing data exfiltration across account types.
• Compliance officers: Difficulty in enforcing data separation policies.
• Admins: Limited direct control over user's unified inbox configuration.

The Action

1. Review and update data loss prevention (DLP) policies to specifically address cross-account email scenarios in Outlook.
2. Communicate clear guidelines to users regarding the appropriate use of the 'All Accounts' view, emphasising data separation.
3. Monitor M365 audit logs for unusual email activity or data transfers between personal and organisational accounts.
4. Evaluate Microsoft Purview Information Protection policies for sensitivity labels and encryption on emails.

Domain: M365-Apps · Impact: high · Workload: M365 Apps