Outlook Anywhere vs Activesync and Enterprise Security

Status
Not open for further replies.
B

byteguy

Member
Outlook version
Outlook 2013 64 bit
Email Account
Exchange Server
I would like to deploy new MS Surface Pro 2s (SP2s) installed with Windows 8.1 and MS Office 2013. I will keep these outside the corporate firewall so that users can install non company standard apps (as they currently do on iPads). However, unlike with iPads, they can enjoy a fully featured MS Office experience for work related activities. However, the key ‘connection’ they will have to the corporate systems will be email.

I am responsible for my local office’s IT infrastructure which is limited to LAN connected desktops and a local domain for file and print services. Our Exchange environment recently was migrated to our HQ.

I have encountered a roadblock with corporate IT. I would like to use Outlook 2013 on the SP2s connecting via Outlook Anywhere when working remotely (as we do with existing company issued laptops). Corporate IT will only permit an Activesync connection, as is used with company issued iPads. I believe that Outlook 2013 will not work with Activesync which would require us to use the (sadly disappointing) Windows8.1 email client – it won’t be a great experience for our users.

I have countered various arguments regarding ActiveSync benefits (remote wipe, forced encryption, forced passwords) but have encountered one argument that I can’t readily answer. Corporate IT insist that their Exchange environment is more vulnerable if a user’s SP2 is connected to Exchange via Outlook Anywhere rather than Activesync and it becomes compromised by a virus, Trojan or other hack (by using personal apps such as Skype, iTunes, games, etc.).

I can’t find a definitive answer, in my searching, that compares the vulnerability of the enterprise Exchange server when connecting to compromised clients via Outlook Anywhere rather than ActiveSync.

Can anyone help as well as direct me to a MS issued paper that answers this in a manner that corporate IT, or I, can’t refute?
 
I'm not sure why they are treating the surface any differently than the laptops? Both should be treated the same.

And yes, you are correct, outlook can't use ActiveSync - they'd have to use the builtin mail app or OWa.

IT is incorrect - outlook is secure against viruses. I don't have any documentation for security EAS vrs Outlookanywhere, but I believe they are both equally secure.
 
Diane Poremsky said:
I'm not sure why they are treating the surface any differently than the laptops? Both should be treated the same.

And yes, you are correct, outlook can't use ActiveSync - they'd have to use the builtin mail app or OWa.

IT is incorrect - outlook is secure against viruses. I don't have any documentation for security EAS vrs Outlookanywhere, but I believe they are both equally secure.
Click to expand...

Thanks for your confirmation, Diane. In order for me to convince my IT HQ of this, I doubt that they would accept anything but an MS tech document or a paper from another credible third party analyst. Do you have any guidance as to where I will find such? I have already spent half a day in Google but drawing blanks. Another possible option is for a persuasive document that compares how a client connecting to Exchange via EAS is any different from one connecting via Outlook Anywhere, in particular, whether a compromised client can more easily gain access to the corporate Exchange environment. Please note that these SP2s will have Symantec Endpoint Protection (stand-alone) just as any domain connected laptop - except they will never join the domain.
 
Diane Poremsky said:
I'll see what i can find.

They'll only have access to the Exchange server either way.
Click to expand...

Another related thought: while never having used it, doesn't MS offer its Office 365 suite, to enterprises and individuals, in a configuration that permits the client end to be a full blown Outlook client that connects via Outlook Anywhere to MS's Office 365 Exchange infrastructure? If so, could it be argued that MS has no way of knowing whether the client PCs connecting are compromised by some kind of malware? If this is the case, would they have any better protection from untrusted connecting clients than a enterprise would have with their own Exchange farm? I guess I am asking "if Outlook Anywhere is deemed safe by MS, with untrusted clients, why would an enterprise feel differently?" Any idea the approximate number of clients that Office 365 sees connecting via Outlook Anywhere?
 
100% of the outlook clients connecting to office 365 use outlook anywhere - it's the only way. I have no idea of the number, but it's in the millions.

Did they give any specifics about why they think outlook anywhere is unsafe?
 
i don't think these articles will help any - they cover it more from the angle of SSL and someone sniffing email or credentials, which would apply to ActiveSync too, rather than security from the standpoint of viruses and such. From the security/virus angle, the rpc connection is secure - a virus could only get in via email and outlook is secure against viruses.

http://social.technet.microsoft.com...0/thread/140eca3f-bea0-4e40-a74f-9ed7ede6cd3a

Understanding Security for Outlook Anywhere

http://technet.microsoft.com/en-us/library/bb430792.aspx

Securing Client Access Servers

http://technet.microsoft.com/en-us/library/bb400932.aspx
 
I wonder if they read this article - http://www.computerworld.com/s/arti...nager_s_Journal_Closing_off_a_hole_in_Outlook

If so

1) ActiveSync is a problem too - users can add an account to any win8 computer. Once mail is downloaded to a surface, the user can do anything they want with it, just like they can with outlook.

2) "A few weeks ago, the manager of a local hotel called to tell us that the hotel staff had discovered over 1GB of our company email on the computer in the hotel lobby. " WTF? The problem isn't Outlook Anywhere, it's the idiot user who created an outlook profile on someone else's computer... i can't believe a computer in the hotel lobby has outlook or that they don't reimage nightly. Or that the user was dumb enough to set up a profile on it - they should be using OWA on public computers. But making users use active sync isn't going to prevent this, they can still create accounts in Mail apps on other computers - only educating users will prevent this.
 
Diane Poremsky said:
I wonder if they read this article - http://www.computerworld.com/s/arti...nager_s_Journal_Closing_off_a_hole_in_Outlook

If so

1) ActiveSync is a problem too - users can add an account to any win8 computer. Once mail is downloaded to a surface, the user can do anything they want with it, just like they can with outlook.

2) "A few weeks ago, the manager of a local hotel called to tell us that the hotel staff had discovered over 1GB of our company email on the computer in the hotel lobby. " WTF? The problem isn't Outlook Anywhere, it's the idiot user who created an outlook profile on someone else's computer... i can't believe a computer in the hotel lobby has outlook or that they don't reimage nightly. Or that the user was dumb enough to set up a profile on it - they should be using OWA on public computers. But making users use active sync isn't going to prevent this, they can still create accounts in Mail apps on other computers - only educating users will prevent this.
Click to expand...

Thanks for all the links. I have already reviewed most of them. I also have sent across a 'request' to HQ to consider that seeks to draw comparisons to EAS but also relevance to our company owned SP2s (unlike the hotel faux-pas our data 'should' only be on the SP2). I can't answer your question on why they think OA is not secure as my initial feedback has been vague. The iniital position is that OA would connect an untrusted SP2 directly to their Exchange. I am trying to work through their concerns in a constructive way -- which I thought would benefit from a definitive MS document that would dispell their fears or, at least, categorically, clarify that OA expsoures are not greater that EAS exposures. I might find that their concerns are well placed but my research to date doesn't support this.
 
Status
Not open for further replies.
< Outlook 2013 .ost File Size | Signature size limit for OWA / Exchange 2010 >
Similar threads
Thread starter Title Forum Replies Date
C outlook 2016 and outlook anywhere Using Outlook 1
R Outlook anywhere Using Outlook 1
M Autodiscover not configuring Outlook Anywhere Using Outlook 10
C I don't understand Outlook or Microsoft, anymore Using Outlook 0
P My Feedback to Microsoft and their response; also New Outlook roadmap Using Outlook 0
A New Outlook - Cannot drag IMAP emails to Task List in MyDay Using Outlook 1
L Android Outlook Doesn't Update PC Notification Changes Using Outlook 0
A How to open Excel file saved in Outlook folder? Outlook VBA and Custom Forms 4
D.Moore Outlook desktop client suggested searches question Using Outlook 18
Y Outlook 2016 (64-bit) Copy Local Cal. Events to Another Cal. with Modified Reminder time Using Outlook 2
T Outlook 2019 While connecting an IMAP account in "classic" Outlook 2024 I caused a massive duplication of emails on the server (death loop) Using Outlook 5
D Cannot logon to Outlook.com, or outlook on Mac, outlook not updating on ipad, iphone Using Outlook 1
J unable to get my new install of Outlook to display mailboxes in the single-line format. Using Outlook 1
D Legacy Microsoft Outlook for Mac Support will end in Oct 2025 Using Outlook 5
C Nasty Bug Lurking In Outlook For Years. The Trigger. Any Fix Or Workaround? Using Outlook 11
R Auto clicking Hyperlink in outlook Outlook VBA and Custom Forms 7
ughlook Open multiple contacts in NEW Outlook? Using Outlook 3
G Outlook translation feature is off Using Outlook 2
J Outlook 2010 does not let me put any account Using Outlook.com accounts in Outlook 3
P 3 of 5 PST files don't install from d:\outlook but only from D:\ Using Outlook 7
HarvMan January Windows 10 preview update force installs new Outlook Using Outlook 1
L Outlook 2010 - new installation on Windows 11 - aplzod32.dll is not a valid Add-in Using Outlook 12
J Outlook troubleshooting/logging - option grayed out Using Outlook 2
B Arrows missing from Outlook emails vertical scrollbar Using Outlook 0
G Outlook 2021 (New) doesn't respect default browser Using Outlook 9
B Outlook or iPhone turning tabs into spaces in Outlook Notes Using Outlook 1
P newly installed Office 365 includes OLD Outlook Using Outlook 6
R Outlook ribbon menu default? Using Outlook 7
H Spam email in Gmail not visible in Outlook Using Outlook 3
J How to transfer Win 10 Outlook to new Windows 11 pc? Using Outlook 16
J Renegade spam URL line displayed in old local Outlook 365 email title Using Outlook 3
G Reduce whitespace in Outlook desktop Contact Cards display Using Outlook 3
C Outlook classic via 365 Using Outlook 2
Dr. Demento Analogous Outlook code to read info into an array (or collection or whatever) Outlook VBA and Custom Forms 7
S Repair Outlook Using Outlook 8
V Outlook Form ListBox is not editable Outlook VBA and Custom Forms 2
F Outlook's contacts Using Outlook 1
D Outlook 2003 stopped dead Using Outlook 2
G Cannot receive emails from gmail account in Outlook 365 Using Outlook 1
E "Cannot display the folder. MS Outlook cannot access the specified file location" Using Outlook 8
P Outlook 2016 Working Offline Using Outlook 2
Rupert Dragwater Cannot reestablish gmail (email address) account in Outlook 365 Using Outlook 11
O Outlook 365 synchronisieren Exchange Server Administration 1
kburrows Outlook Classic - JPG files are corrupted when opened or saved Using Outlook 3
F Sync Outlook Calendar Using Outlook 0
G Change default font size in sticky notes - Outlook Desktop 2021 Using Outlook 2
C VBA in "New Outlook?" Using Outlook 0
D New Outlook with Business Basic Plans Using Outlook 0
D Outlook 2021 not working with Outlook 2003 installed Using Outlook 5
D Outlook 2003 stopped working - get they dialog box asking for username & Password Using Outlook 2

Similar threads

Back
Top