Skip to main content

Microsoft patches Outlook app, adds PIN feature

Microsoft was quick to react to critics saying their Outlook app for Android and iOS was a "security nightmare".

In a blog post published on the Office blog on 17 February, Microsoft announced a couple of changes for the new app, including adding a PIN Lock feature (opens in new tab) to help boost security.

“Outlook now implements password enforcement using Exchange ActiveSync. If your company email policy requires that devices have a password in order to sync mail, Outlook will enforce this at the device level,” it says in the blog post.

The PIN feature works slightly differently on Android and iOS, depending on the OS’ controls and features.

Microsoft says the app will only work on iOS 8, because of the built-in encryption that OS has.

“On iOS devices, Outlook will check to make sure a passcode is properly set. In the event a passcode is not set, it will prompt users to set one up in iOS settings. Until the passcode is setup, the user will be unable to access Outlook,” it says in the blog.

On Android devices, Outlook will enforce screen lock rules. Further, Google provides controls that allow Outlook to honor additional Office 365 and Exchange policies regarding password length and complexity requirements and the number of allowable screen-unlock attempts before wiping the phone.

These changes came almost three weeks after security blogger René Winkelmeyer published a post on his blog (opens in new tab), explaining how Microsoft’s new app is a “security nightmare”.

“I cannot believe that Microsoft has done what they’ve done. Even as a non-Microsoft guy I would have expected that they obey the rules of common company security rules,” were Winkelmeyer’s harsh words.

It seems Microsoft has heeded his warnings.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.