Signing in to an Office 365 account at home = no privacy?

JimmiG

Platinum Member
So I thought I would set up the built-in email client in Windows 10 to receive email notifications for my work email.

All went well until the last part, where a large warning pops up saying that if I proceed, my company can collect information about me, change settings, add/remove programs, remove content and even "reset the device".

Whoa! That sounds almost like a domain join to me. I just want to add the email account. Also, I'm running Windows 10 Home, which doesn't support joining a domain. But it sounds like it will basically share every folder and file on my computer with the company, from the simple act of adding the email account - how is that even possible?

I don't mind sharing my info anonymously with Microsoft, but I'm not sure I want to give my boss access to everything stored on my home PC...
 
The Exchange ActiveSync protocol supports mobile device management. In other words, an Exchange server can require that an ActiveSync client apply certain settings such as what you describe in order to access the Exchange server. To comply with the protocol, the ActiveSync client must obey.

I haven't checked, but I would think the Mail app uses the ActiveSync protocol to access Exchange, and not MAPI (used in standard Outlook desktop). As the ActiveSync protocol is simpler to implement, and the Mail app is not meant to be an Outlook replacement, it just makes a lot of sense.
 
If you are that worried, install it on a separate VM and then they would only see things on that VM.
 
Yep, this in a nutshell. The second I read the OP's litany of what the App needed access to, I immediately went "That's the boilerplate ActiveSync warning."

So to the OP, no, your company does not have some magic window into your PC and all of its files through the mail app. They can't go poking around your C: drive for your collection of risque images or bank statements.

What they CAN do is precisely what the warning says. Collect information that passes through the Mail app, change settings for the Mail app based on Exchange configuration/policies, Add/Remove programs (this is just a CYA related to the Mail app and multiplatform support as well as Mail client updates, they can't uninstall all of your other software), remove content (AKA remotely wipe your configured Mail client account), and remotely wipe the device (Again, this is a one size fits all CYA message relating to MDM on ActiveSync connections over phones/tablets, as far as I am aware they cannot forcibly format your PC's hard drive via ActiveSync).

That's the price you pay for putting email technically your company owns on your personal device. If you're not comfortable with it, don't do it. Stuff like this is why I disable ActiveSync for all new Office 365 users on our business plan unless they specifically have a company-issued smartphone; I don't *want* our data on their personal devices.
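The policy push discussed in this thread, as an added example that is not part of any post: a small Python parser that reads the XML form of an ActiveSync Provision response and lists the settings the server asks the client to apply, plus whether a remote wipe directive is present. Element names follow the ActiveSync provisioning specification (MS-ASPROV); the function name `summarize_provision` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "Provision:"}  # namespace of the Provision command

# Constructed sample: XML form of a policy download. On the wire this is
# WBXML-encoded; the values and the PolicyKey here are made up.
SAMPLE_POLICY = """<Provision xmlns="Provision:">
  <Status>1</Status>
  <Policies><Policy>
    <PolicyType>MS-EAS-Provisioning-WBXML</PolicyType>
    <Status>1</Status>
    <PolicyKey>1307199584</PolicyKey>
    <Data><EASProvisionDoc>
      <DevicePasswordEnabled>1</DevicePasswordEnabled>
      <MinDevicePasswordLength>6</MinDevicePasswordLength>
      <MaxInactivityTimeDeviceLock>900</MaxInactivityTimeDeviceLock>
      <MaxDevicePasswordFailedAttempts>8</MaxDevicePasswordFailedAttempts>
      <RequireDeviceEncryption>1</RequireDeviceEncryption>
      <AllowCamera>1</AllowCamera>
    </EASProvisionDoc></Data>
  </Policy></Policies>
</Provision>"""

# Constructed sample: a response that carries a remote wipe directive.
SAMPLE_WIPE = '<Provision xmlns="Provision:"><Status>1</Status><RemoteWipe/></Provision>'


def summarize_provision(xml_text):
    """Return the policy key, requested settings and wipe flag of a Provision response."""
    # For XML from an untrusted source, parse with a hardened parser instead.
    root = ET.fromstring(xml_text)
    result = {
        "remote_wipe": root.find("p:RemoteWipe", NS) is not None,
        "policy_key": None,
        "settings": {},
    }
    policy = root.find("p:Policies/p:Policy", NS)
    if policy is None:
        return result
    result["policy_key"] = policy.findtext("p:PolicyKey", namespaces=NS)
    doc = policy.find("p:Data/p:EASProvisionDoc", NS)
    for el in (doc if doc is not None else []):
        name = el.tag.split("}", 1)[-1]  # strip the "{Provision:}" prefix
        result["settings"][name] = (el.text or "").strip()
    return result


if __name__ == "__main__":
    for label, doc in (("policy", SAMPLE_POLICY), ("wipe", SAMPLE_WIPE)):
        print(label, summarize_provision(doc))
```

The output makes the scope of the warning concrete: the server hands the client a fixed list of named settings and, separately, a wipe directive that the client is expected to act on.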
 