Microsoft patches Outlook app, adds PIN feature

Microsoft was quick to react to critics saying their Outlook app for Android and iOS was a "security nightmare".

In a blog post published on the Office blog on 17 February, Microsoft announced a couple of changes for the new app, including adding a PIN Lock feature to help boost security.

“Outlook now implements password enforcement using Exchange ActiveSync. If your company email policy requires that devices have a password in order to sync mail, Outlook will enforce this at the device level,” it says in the blog post.

The PIN feature works slightly differently on Android and iOS, depending on the OS’ controls and features.

Microsoft says the app will only work on iOS 8, because of the built-in encryption that OS has.

“On iOS devices, Outlook will check to make sure a passcode is properly set. In the event a passcode is not set, it will prompt users to set one up in iOS settings. Until the passcode is setup, the user will be unable to access Outlook,” it says in the blog.

On Android devices, Outlook will enforce screen lock rules. Further, Google provides controls that allow Outlook to honor additional Office 365 and Exchange policies regarding password length and complexity requirements and the number of allowable screen-unlock attempts before wiping the phone.

These changes came almost three weeks after security blogger René Winkelmeyer published a post on his blog, explaining how Microsoft’s new app is a “security nightmare”.

“I cannot believe that Microsoft has done what they’ve done. Even as a non-Microsoft guy I would have expected that they obey the rules of common company security rules,” were Winkelmeyer’s harsh words.

It seems Microsoft has heeded his warnings.