However as we do not have our mailboxes in the cloud, the cloud tenant needs to keep a "cleartext" copy of our passwords in memory to access our mail servers ( ). MS further addressed the security issues by changes the authentication method for native cloud users (mailboxes in O365) to use OAUTH, or certificate based authentication between cloud hosted mailboxes and devices (no basic username / password). MS addressed this partially at the end of 2016 and moved out of the AWS cloud to the O365 cloud, however the data flow and caching still persisted (See embedded screenshot). This is bad, as they have your actual email and your password stored in that cloud tenant. The application used a cloud tenant in AWS to cache active sync credentials and mailbox content and acted as a man in the middle to request mail from a mail server, and then forward it to a requesting IOS client. ![]() "In 2014 Microsoft (MS) bought the company Acompli and absorbed their active sync mail client and rebranded it Outlook for IOS. ![]() Here is a super generalized blurb I wrote back in 2018 to my userbase RE: not installing Outlook for IOS due to security concerns of the MITM nature of the connection.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |