Outlook Anywhere vs Activesync and Enterprise Security

Status
Not open for further replies.
B

byteguy

Member
Outlook version
Outlook 2013 64 bit
Email Account
Exchange Server
I would like to deploy new MS Surface Pro 2s (SP2s) installed with Windows 8.1 and MS Office 2013. I will keep these outside the corporate firewall so that users can install non company standard apps (as they currently do on iPads). However, unlike with iPads, they can enjoy a fully featured MS Office experience for work related activities. However, the key ‘connection’ they will have to the corporate systems will be email.

I am responsible for my local office’s IT infrastructure which is limited to LAN connected desktops and a local domain for file and print services. Our Exchange environment recently was migrated to our HQ.

I have encountered a roadblock with corporate IT. I would like to use Outlook 2013 on the SP2s connecting via Outlook Anywhere when working remotely (as we do with existing company issued laptops). Corporate IT will only permit an Activesync connection, as is used with company issued iPads. I believe that Outlook 2013 will not work with Activesync which would require us to use the (sadly disappointing) Windows8.1 email client – it won’t be a great experience for our users.

I have countered various arguments regarding ActiveSync benefits (remote wipe, forced encryption, forced passwords) but have encountered one argument that I can’t readily answer. Corporate IT insist that their Exchange environment is more vulnerable if a user’s SP2 is connected to Exchange via Outlook Anywhere rather than Activesync and it becomes compromised by a virus, Trojan or other hack (by using personal apps such as Skype, iTunes, games, etc.).

I can’t find a definitive answer, in my searching, that compares the vulnerability of the enterprise Exchange server when connecting to compromised clients via Outlook Anywhere rather than ActiveSync.

Can anyone help as well as direct me to a MS issued paper that answers this in a manner that corporate IT, or I, can’t refute?
 
I'm not sure why they are treating the surface any differently than the laptops? Both should be treated the same.

And yes, you are correct, outlook can't use ActiveSync - they'd have to use the builtin mail app or OWa.

IT is incorrect - outlook is secure against viruses. I don't have any documentation for security EAS vrs Outlookanywhere, but I believe they are both equally secure.
 
Diane Poremsky said:
I'm not sure why they are treating the surface any differently than the laptops? Both should be treated the same.

And yes, you are correct, outlook can't use ActiveSync - they'd have to use the builtin mail app or OWa.

IT is incorrect - outlook is secure against viruses. I don't have any documentation for security EAS vrs Outlookanywhere, but I believe they are both equally secure.
Click to expand...

Thanks for your confirmation, Diane. In order for me to convince my IT HQ of this, I doubt that they would accept anything but an MS tech document or a paper from another credible third party analyst. Do you have any guidance as to where I will find such? I have already spent half a day in Google but drawing blanks. Another possible option is for a persuasive document that compares how a client connecting to Exchange via EAS is any different from one connecting via Outlook Anywhere, in particular, whether a compromised client can more easily gain access to the corporate Exchange environment. Please note that these SP2s will have Symantec Endpoint Protection (stand-alone) just as any domain connected laptop - except they will never join the domain.
 
Diane Poremsky said:
I'll see what i can find.

They'll only have access to the Exchange server either way.
Click to expand...

Another related thought: while never having used it, doesn't MS offer its Office 365 suite, to enterprises and individuals, in a configuration that permits the client end to be a full blown Outlook client that connects via Outlook Anywhere to MS's Office 365 Exchange infrastructure? If so, could it be argued that MS has no way of knowing whether the client PCs connecting are compromised by some kind of malware? If this is the case, would they have any better protection from untrusted connecting clients than a enterprise would have with their own Exchange farm? I guess I am asking "if Outlook Anywhere is deemed safe by MS, with untrusted clients, why would an enterprise feel differently?" Any idea the approximate number of clients that Office 365 sees connecting via Outlook Anywhere?
 
100% of the outlook clients connecting to office 365 use outlook anywhere - it's the only way. I have no idea of the number, but it's in the millions.

Did they give any specifics about why they think outlook anywhere is unsafe?
 
i don't think these articles will help any - they cover it more from the angle of SSL and someone sniffing email or credentials, which would apply to ActiveSync too, rather than security from the standpoint of viruses and such. From the security/virus angle, the rpc connection is secure - a virus could only get in via email and outlook is secure against viruses.

http://social.technet.microsoft.com...0/thread/140eca3f-bea0-4e40-a74f-9ed7ede6cd3a

Understanding Security for Outlook Anywhere

http://technet.microsoft.com/en-us/library/bb430792.aspx

Securing Client Access Servers

http://technet.microsoft.com/en-us/library/bb400932.aspx
 
I wonder if they read this article - http://www.computerworld.com/s/arti...nager_s_Journal_Closing_off_a_hole_in_Outlook

If so

1) ActiveSync is a problem too - users can add an account to any win8 computer. Once mail is downloaded to a surface, the user can do anything they want with it, just like they can with outlook.

2) "A few weeks ago, the manager of a local hotel called to tell us that the hotel staff had discovered over 1GB of our company email on the computer in the hotel lobby. " WTF? The problem isn't Outlook Anywhere, it's the idiot user who created an outlook profile on someone else's computer... i can't believe a computer in the hotel lobby has outlook or that they don't reimage nightly. Or that the user was dumb enough to set up a profile on it - they should be using OWA on public computers. But making users use active sync isn't going to prevent this, they can still create accounts in Mail apps on other computers - only educating users will prevent this.
 
Diane Poremsky said:
I wonder if they read this article - http://www.computerworld.com/s/arti...nager_s_Journal_Closing_off_a_hole_in_Outlook

If so

1) ActiveSync is a problem too - users can add an account to any win8 computer. Once mail is downloaded to a surface, the user can do anything they want with it, just like they can with outlook.

2) "A few weeks ago, the manager of a local hotel called to tell us that the hotel staff had discovered over 1GB of our company email on the computer in the hotel lobby. " WTF? The problem isn't Outlook Anywhere, it's the idiot user who created an outlook profile on someone else's computer... i can't believe a computer in the hotel lobby has outlook or that they don't reimage nightly. Or that the user was dumb enough to set up a profile on it - they should be using OWA on public computers. But making users use active sync isn't going to prevent this, they can still create accounts in Mail apps on other computers - only educating users will prevent this.
Click to expand...

Thanks for all the links. I have already reviewed most of them. I also have sent across a 'request' to HQ to consider that seeks to draw comparisons to EAS but also relevance to our company owned SP2s (unlike the hotel faux-pas our data 'should' only be on the SP2). I can't answer your question on why they think OA is not secure as my initial feedback has been vague. The iniital position is that OA would connect an untrusted SP2 directly to their Exchange. I am trying to work through their concerns in a constructive way -- which I thought would benefit from a definitive MS document that would dispell their fears or, at least, categorically, clarify that OA expsoures are not greater that EAS exposures. I might find that their concerns are well placed but my research to date doesn't support this.
 
Status
Not open for further replies.
< Outlook 2013 .ost File Size | Signature size limit for OWA / Exchange 2010 >
Similar threads
Thread starter Title Forum Replies Date
C outlook 2016 and outlook anywhere Using Outlook 1
R Outlook anywhere Using Outlook 1
M Autodiscover not configuring Outlook Anywhere Using Outlook 10
G Data Left Behind when Migrating To Outlook from Thunderbird - Insights on the Issue Using Outlook 0
C Can't Use Custom Contact form in Outlook Classic since early January 2026 Outlook VBA and Custom Forms 7
e_a_g_l_e_p_i Need help updating email in Outlook 2021 Using Outlook 10
V Outlook spam filter misbehaving Using Outlook 6
L what are the downsides of running both classic and new outlook on same win 11 pc? Using Outlook 2
P Preventing permanent deletions in Outlook on the Web Using Outlook 0
L any trick to embedding images in new outlook and outlook on the web contacts? Using Outlook 4
L new outlook contacts searching Using Outlook 5
R Outlook 2010 Outlook 2010 migration question Using Outlook 2
W New Outlook PEOPLE blank Using Outlook 6
C New Outlook issues with Gmail, particularly labels/folders Using Outlook 3
E What is the next workaround for macro in New Outlook 1.2025.1111.100 Outlook VBA and Custom Forms 3
E Need to digitally sign macro but VBA\Outlook crash Outlook VBA and Custom Forms 4
P Outlook 2003 no longer opens "without" Folder List Showing in Navigation Pane Using Outlook 2
Hornblower409 Outlook 2010 - Never ending update Using Outlook 0
V Outlook created new profile? Using Outlook 1
J Outlook inbox question Using Outlook 4
T How to Add AT&T Contacts to Outlook 365 Using Outlook 5
F Outlook 2021 outlook on iPhone Using Outlook 1
F Outlook 2021 Outlook on iPhone asks for password Using Outlook 0
P ics calendar entries suddenly open up new Outlook Using Outlook 3
P Outlook "forgets" password until system rebooted Using Outlook 2
N Why does Outlook keeping adding to the email address I have in my notes portion of a contact? Using Outlook 2
M Anyone integrated AI website builders with Outlook for automated client communications? Using Outlook 1
V Gmail in Outlook Using Outlook 2
T Where has the Copilot icon gone in my Outlook desktop client? Using Outlook 7
P New way by Microsoft to get people to use the new Outlook Using Outlook 4
C How to keep emails in account in Outlook after closing the IMAP account Using Outlook 1
cymumtaz IMAP calendars in New Outlook Using Outlook 5
T Constantly Have To Log In To Outlook On The Web Using Outlook.com accounts in Outlook 2
T Cannot Find Outlook Noted On Android Using Outlook 4
O Outlook 2024 not showing that messages are replied to or forwarded Using Outlook 3
C Outlook 365 send/receive takes FOREVER - as in 40 minutes Using Outlook 7
I Outlook 2024 LTSC syncing with iCloud calendar - can only make appt. in iCloud Using Outlook 2
Kika Melo Outlook ribbon customisations do not 'stick' Using Outlook 12
J IMAP Folders Confusion in Windows Classic Outlook Using Outlook 1
A Missing Sent Emails in New Outlook Using Outlook 18
S Missing categories in Outlook calendar Using Outlook 10
P Windows 11 tries to open New Outlook when the user clicks on the mail icon on a news article Using Outlook 2
C I don't understand Outlook or Microsoft, anymore Using Outlook 12
P My Feedback to Microsoft and their response; also New Outlook roadmap Using Outlook 0
A New Outlook - Cannot drag IMAP emails to Task List in MyDay Using Outlook 1
L Android Outlook Doesn't Update PC Notification Changes Using Outlook 0
A How to open Excel file saved in Outlook folder? Outlook VBA and Custom Forms 4
D.Moore Outlook desktop client suggested searches question Using Outlook 22
Y Outlook 2016 (64-bit) Copy Local Cal. Events to Another Cal. with Modified Reminder time Using Outlook 2
T Outlook 2019 While connecting an IMAP account in "classic" Outlook 2024 I caused a massive duplication of emails on the server (death loop) Using Outlook 5

Similar threads

Back
Top