Back in January, Microsoft released its Outlook app for iOS (and Android).  While it says Outlook, it’s not actually directly related to the app that you’re used to for business email.  The new Outlook is actually heavily based on the third party app Acompli  which was purchased by Microsoft right before the changeover.  The former Acompli, now Outlook, has a lot going for it, but there are some issues you should be aware before committing to use it in your business.

A More Full Featured Email Client

From its feature set, the new Outlook is a great email app.  It features a modern design with customizable swipe gestures, integrated calendar, option of a focused inbox, and a great search search feature that searches everything, not just email.  It has built-in support for most cloud services for attachments including MS One Drive, Google Drive, Dropbox, and iCloud.  If that wasn’t enough, its similarly robust when it comes to email.  It has automatic configuration for services like Outlook, Google Gmail, Yahoo, Apple’s iCloud and any other IMAP email server.  For business customers, Outlook also has Exchange support.  Its long list of features, integrated calendar, and control over your inbox make it a very productive app.

Security Concerns

While the Microsoft of the past may have stripped Outlook of all of Acompli’s features in favor of just Microsoft’s, Redmond under Nadella seems to be in charge of a much more open Microsoft that aims to make you want to use their products instead of being left with no option.  For most users, I would have no problem recommending this app as your primary email app.  It really is that well done and feature packed.  However, you may want to use it only for your personal email.

There are definitely some security issues to consider according to Paul Cunningham at ExchangeServerPro.com (BTW, if you have an exchange server and you’re not reading that site, you should be).  One is potentially major depending on your security measures.  Outlook for iOS uses an intermediary server to grab your email messages from both IMAP and Exchange email servers.  It does this to help you manage the indexing/sorting of your email box. The downside to this is that there is no direct line from your email server to the app.  While encrypted, Microsoft has to store your login credentials and access your email.  This may be in violation of your company’s security policies and even the law depending on how your business is regulated.  If this does violate your policies, we recommend you block Outlook as part of your Mobile Device Management strategy.  Cunningham also notes that your data is stored in a U.S.-based server.  This could be a major issue for international users as well.

Microsoft does do a lot to mitigate the risk form using cloud services. For Outlook/ OneDrive, Google, and DropBox, they employ Oauth which doesn’t give them direct access to your password.  For Exchange Active Sync, they encrypt the password using an encryption key stored on your iPhone or iPad.  That means if your data is compromised, its going to be extremely difficult to access.  They also quickly addressed one shortfall of the app’s rebranding in making it compatible with PIN enforcement policies and its in Microsoft’s best interest to address the others as well.

Is it worth The Risk?

Outlook for iOS a great tool, but as I’ve mentioned, it’s a tool that comes with some risks you have to know about. Given the security lengths Microsoft/ Acompli has taken, that risk might be within acceptable limits for some businesses. For others, it may be a risk you cannot take. Please read this article, read anything else out there on the subject, and make an informed decision with your IT and Security people. Don’t overreact one way or the other. You could end up either compromising your security or denying your employees an email and Calendar client that could make them more productive.