...
1 - Your user credentials and emails email data are sent to and stored in the Microsoft cloud server
Outlook App for iOS and Android does not connect directly to your corporate Exchange server. Instead, it connects to a server or service hosted in the cloud . It does not connect directly to your corporate Exchange server. by Microsoft. When you configure an account in Outlook App on iOS and Android, the app connect connects to a the Microsoft cloud service and the cloud service connects to your mailbox on your on-premises Exchange server, on your behalf using your user credential. The The cloud service will store your user credential and cache your emails. email data. Effectively, the Microsoft cloud service acts as a middle man.
Not only that you might not trust Microsoft to securely store and safeguard your data including your credentials, but also, providing your user credentials to a third party is a breach of many IT usage policies, and the . The Outlook app doesn’t even make clear to end users that this is occurring. In fact, the typical end user would have no idea that this is happening.
2 - Outlook App app does not always provide a unique device ID
If a user runs the Outlook App on multiple devices of the same OS, then Outlook App will provide the same device ID for the user on those devices. This will weaken the enforcement of MFA that is based on the device ID.
3 - Outlook app can change the device ID sporadically on the same device
Occasionally, the Outlook app may change the device ID of the same device. As a result, applications that use the device ID will stop working.
For organizations that have a problem with any of the concerns above, you can block or quarantine the Outlook App from accessing your Exchange mailboxes by following the Microsoft document . Microsoft provides a guide below:
We recommend a more direct and effective way below:
On your Exchange servers, add a URL Rewrite rule as follows
