No internet connection is available on the device, preventing Outlook from synchronizing with Exchange.
OFFICE 365 EMAIL SETTINGS ON ANDROID ANDROID
Outlook for iOS and Android is uninstalled by the user.īackground app refresh is disabled in the Settings options, and then a force-quit is applied to Outlook. There are three ways a user account can become inactive:
OFFICE 365 EMAIL SETTINGS ON ANDROID PASSWORD
The encrypted password remains stored in the Microsoft 365 or Office 365-based architecture, but decrypting it again isn't possible without the device key, which is only available from the user's device. With the decrypted password flushed, the architecture is unable to access a user's mailbox on-premises. Account inactivity and flushing passwords from memoryĪfter three days of inactivity, the Microsoft 365 or Office 365-based architecture will flush a decrypted password from memory. This information might be contained in and found within emails, calendar items, and so on. For example, transmitting passwords to Microsoft 365 or Office 365-based architecture might result in your inability to meet the requirements of PCI-DSS or ISO/IEC 27001.įurthermore, if you connect and synchronize email, calendars, and other email-related data, you might run into issues of compliance with GDPR, which restricts the private information that you can transmit without owner consent. Compliance considerations when sending passwordsīefore you enable anything that allows for the transmission of passwords from your on-premises Exchange environment, be sure to consider the possible ramifications.
As long as the user continues to open and use Outlook periodically, the Microsoft 365 or Office 365-based architecture will keep a copy of the user's decrypted password in memory to keep the connection to the Exchange server active.
Once decrypted, the password is never stored in the service or written to a local storage disk, and the device key is once again wiped from memory.Īfter the Microsoft 365 or Office 365-based architecture has decrypted the password at runtime, the service can then connect to the Exchange server to synchronize mail, calendar, and other mailbox data. Next, when a user attempts to connect to Exchange to retrieve mailbox data, the device key is again passed from the device to the Microsoft 365 or Office 365-based architecture over a TLS-secured connection, where it is used to decrypt the password in runtime compute memory. The device key, meanwhile, is wiped from memory and never stored in the Microsoft 365 or Office 365-based architecture (the key is only stored on the user's device). After verifying the password with the Exchange server, the Microsoft 365 or Office 365-based architecture uses the device key to encrypt the password, and the encrypted password is then stored in the service. When a user logs onto Exchange with Basic authentication, the username, password, and a unique AES-128 device key are sent from the user's device to the Outlook cloud service over a TLS connection, where the device key is held in runtime compute memory. This key is known as the device key and is stored only on the user's device. The first time the Outlook app for iOS and Android is run in an Exchange on-premises environment, Outlook generates a random AES-128 key.
Creating an account and protecting passwords For more information, please see Using hybrid Modern Authentication with Outlook for iOS and Android. The information contained in this article only pertains to basic authentication. Outlook for iOS and Android supports hybrid Modern Authentication for on-premises mailboxes which eliminates the need to leverage basic authentication.