Microsoft Outlook for iOS Gains Add-Ins Including Translator, Trello, Evernote and More

[mijail]

You have your opinion, I have mine.

That's a very fitting beginning for a lot of words that address NOTHING. We don't need anyone's opinion, because we have facts.

The Microsoft doc that you linked says:

When a user logs onto Exchange, the username, password, and a unique AES-128 device key are sent from the user’s device to the Outlook cloud service over a TLS connection,

This confirms exactly what Winkelmeyer wrote. Your 300+ words do not address this simple fact, which comes directly from Microsoft, thanks to the link that you yourself posted.

The Microsoft doc that you linked also says:

How is the temporarily cached mailbox data secured while stored in the Outlook service?

Got that? The mailbox data is stored in the Outlook service! Again, just as Winkelmeyer wrote!

Again, your 300+ words just dance around this simple fact. Which is the only thing they can do, since the simple fact comes directly from the horse's mouth.

Addressing your "point" (gotta love your scare quotes) on OAuth (you mention it a couple of times!) – funny how Winkelmeyer already warned that OAuth wouldn't fix anything. You read the follow-up, didn't you?

And note, because you seem confused: it was not me who originally posted Winkelmeyer's article.

If you want to trust Microsoft, that's your thing. But saying that Winkelmeyer wrote FUD, when Microsoft actually confirms it, makes it impossible for me to trust you.

 

[campyguy]

That's a very fitting beginning for a lot of words that address NOTHING. We don't need anyone's opinion, because we have facts.

Okay, you win. Stick to your game plan.

Never mind this:
https://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/
or this:
https://support.office.com/en-us/ar...d9c-bcde-2c48e41621c6?ui=en-US&rs=en-US&ad=US

or another entity's perspective:
http://practical365.com/exchange-server/outlook-for-ios-and-android/ - note the "I consider this application ready for enterprise" statement near the end - after reading several analysis-related posts and talking with my two attorneys, I'm inclined to believe I'm safe on this matter. Newer stuff than you're citing. Oh, and I have legal recourse…

You need to understand where I'm coming from - I'm using time-specific context (which you're also using, notably - in past tense) Winkelmeyer's posts were relevant at the time. I wrote that they are now - in current tense - FUD, not currently relevant. At the time of the posts, they were relevant - but Winkelmeyer has not updated his/her perspective. I've got hundreds of server logs that show me that Winkelmeyer's posts are no longer accurately representing what the app "does".

Do you use Office 365? I do. Do you own Server 2012R2 and 2016? I do. I'm not the IT guy - I'm the owner of my company, and I've not seen one instance of "compromise" and I'm not taking anyone else's word for whether my correspondences are secure - all of my clients require secure correspondence, and they've vetted the iOS app and Office 365 and my two Servers. I'm not sure what you're alluding to when you write "trust" - none of my messaging is compromised, and all of my work is audited - all of it.

I'm not really sure what you're alluding to. The Winkelmeyer posts are no longer relevant, despite your misgivings on my perspective - if you feel otherwise, back it up with more-recent documentation and/or logs. Regarding Winkelmeyer's opinion regarding OAuth - they're also outdated, so if you want to argue on this matter give me something that's not 2 frickin' years old from a reputable source that can be cited. I'm done with this, I just don't see anything you have to offer here having any weight whatsoever.
[doublepost=1486342489][/doublepost]

And note, because you seem confused: it was not me who originally posted Winkelmeyer's article.

But, you did cite that really old "article". And, you did cite in this thread… Yes, or no?

 

[Howl's Castle]

That's not what you wrote in your OP, and FWIW two of my Outlook Cloud Services (Outlook.com) accounts that have been ported from AWS to the Azure platform have the Trello and Evernote add-ins available already. I'm not prone to surmising, and I offered MS's position on this matter - where's your citation?

I thought to post "FYI, It's only for O365" would have been enough. You can say that it's coming to Outlook.com, but ATM its only O365.

 

[mijail]

(... 300+ words MORE saying nothing + 2 blog posts on how nice 2FA is + 1 blog posts that re-re-confirms that Microsoft sends user's credentials to the cloud and uses them to access the user's mailbox... )

I don't get what is so difficult for you to understand, nor why you feel that blathering on changes the facts.

Simple facts still standing, since they come from Microsoft:

1. user's login and password are sent to the cloud
2. the cloud accesses the user's mailbox and stores its contents

Everything else is just about "look how safely we store your user credentials and mailbox contents, you can even use 2 factor authentication!", and "we delete your cached mailbox after 3 days, we swear". Do you honestly not see the problem? IF MICROSOFT WANTED, OR IF THEY DID SOMETHING WRONG (BOTH OF WHICH HAVE HAPPENED IN THE PAST), YOU'RE HOSED.

Sending user credentials to the cloud is dangerous, not to say ANATHEMA. It's that simple, man!

So let's try again to simplify. Can you negate any of those 2 numbered points I wrote? You don't need yet 300+ words MORE!
If you can negate them, then tell Microsoft to correct their tech and marketing articles.
If you can NOT, then I don't know why are we still talking about this. You trust something that others don't or even can't. Congrats!
[doublepost=1486370252][/doublepost]

... so if you want to argue on this matter give me something that's not 2 frickin' years old from a reputable source that can be cited. I'm done with this, I just don't see anything you have to offer here having any weight whatsoever.

Well, the Microsoft tech note that confirms all of this is from July 2016. Is that reputable and recent enough?

And once again, I am not offering anything. The offered info comes from Microsoft. That is the problem!

 

[silvetti]

No offense, but that's pretty old and no longer relevant, and was - at the time - bordering on FUD. I did read that "news" at the time and found none of it to be fully accurate, at the time, and even less so now. I did read the Accompli privacy policy at the time, and again after MS purchased/rebranded the app and I felt that the privacy policy was pretty clear, and chose to not use the app and opt to review it again. I did appreciate the - in my words and opinion - "chicken little" perspective that Winkelmeyer and others took at the time, but IMHO the Accompli app was not new in its approach as iOS device owners including myself use many apps that transmit and store credentials; I read the privacy policy and decide whether it works for me, and I don't understand why anyone wouldn't read a TOS/privacy policy before using something. While Winkelmeyer may have had good intentions, a read of the privacy policy would have cleared up concerns of potential users as it did for me.

That written, I own two Exchange Servers and also use Office 365 for Business. I read MS's own technical, and regularly updated, documentation - start here: https://technet.microsoft.com/en-us/library/mt684947(v=exchg.160).aspx - and the link at the bottom provides one on a far-more-detailed background. I have now used and also monitor the activities of the app, and it's performing exactly as how MS has described in their TechNet documentation, and have no concerns at this point with the new app. No FUD intended…

To be fair, my only concern about this type of app remains - the ability to disable remote images, as one can do with the stock Mail app. A fair counter here is that once one gets a spam email to an account, it's pretty much game over now that you're on a spambot list…

For many companies with intellectual property (like the one I work for, Pharma) having your credentials stored in the cloud is a no-no.
Also maybe it changed but there was no way to set force complex passcode to access the app and no way to limit the possibility to save attachments to your private Dropbox/OneDrive for example.
So basically no prevention loss.
These are all minor things for smaller companies but in companies with 100k plus employees this becomes a problem and fast.

 

[campyguy]

To be fair, my only concern about this type of app remains - the ability to disable remote images, as one can do with the stock Mail app. A fair counter here is that once one gets a spam email to an account, it's pretty much game over now that you're on a spambot list…

Quoting myself from an earlier post, resurrecting this dead thread. MS emailed me last night regarding the latest update of this iOS app. MS has finally added the option to "Block External Images", with the bonus of enabling/disabling this option per account as opposed to globally. DL'ed it and it works as described. FYI.