Outlook: Export support for data files in Mac Outlook

🚨 The Signal: Outlook for Mac now supports exporting PST files, enabling users to extract mailbox data. This introduces a new vector for data exfiltration and complicates data governance and discovery efforts.

The Impact

All users with Outlook for Mac are affected, increasing the risk of sensitive data leaving the controlled environment.

• End users: Can easily export sensitive data, increasing exfiltration risk.
• Security teams: New vector for data loss, complicating monitoring and incident response.
• Data owners: Increased difficulty in maintaining control over sensitive information.
• Compliance officers: Challenges in demonstrating adherence to data protection regulations.

The Action

1. Review and update existing Data Loss Prevention (DLP) policies in Microsoft Purview to detect and block PST file exports from Outlook for Mac.
2. Implement or strengthen Endpoint DLP policies on macOS devices to monitor and restrict PST file transfers to external storage or cloud services.
3. Educate users on acceptable data handling practices and the risks associated with exporting sensitive information.
4. Monitor Microsoft 365 audit logs for PST export activities from Outlook for Mac clients.
5. Consider implementing Conditional Access policies to restrict access to Outlook for Mac for specific user groups or devices if data export is a critical concern.

Domain: Purview · Impact: high · Workload: Microsoft Purview