First update for Outlook apps improves security but lots remains to be done

ITPro Today

February 18, 2015


On February 17, Microsoft announced the first update to the Outlook for iOS and Android apps since the launch of the rebranded software acquired from Acompli last month. The upgrades included in this version (1.0.4) will go some of the way to assuage the doubts raised when the freshly-cleaned up apps appeared as Outlook rather than Acompli, but these apps still exhibit a certain rawness that makes them inappropriate clients in the eyes of many large enterprises.

MVP Paul Cunningham reports on his experience of the updated apps and notes some issues, the most irksome of which is the way that Outlook for iOS blocks access to all mail accounts if an administrator requires a passcode to be set on the device. Assuming you set a PIN, the blocking doesn't last for long and anyway, everyone should protect their email – even your consumer account. This isn't an issue if you only use a corporate mail account, but it could cause eyebrows to lift if, like many people, you use the client to connect to consumer email services as well.

Outlook for iOS only supports iOS 8.x and uses the passcode to encrypt information stored on devices, which is also a good thing. As you'd expect, life is different with Android... Enough on that. The important thing is that devices that refuse to comply with policy can't connect to Exchange, which is how it should be.

The optimists among us will say that at least more security policies are being applied by the Outlook apps, so we'll score that as a gain. But I remain under-impressed at the continuing insistence that the apps identify themselves to Exchange as ActiveSync clients that share a common identifier. You can't distinguish between iOS and Android devices, you can't tell whether an update has been applied to bring a device up to a required level, and you can't tell what kind of hardware is being used. This is simply not good enough because it means that administrators lose all sorts of flexibility when it comes to deploying mobile device access rules to control what people can use to connect to Exchange.

In fact, it's a problem for Microsoft as well because organizations are forced to block any attempt by a mobile device that runs Outlook. After all, it's better to be safe than sorry.
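To see what this means in practice, the following is an added example (not from the original article) for the Exchange Management Shell that inventories the identifiers mobile devices report and previews a device access rule keyed on the shared one. The `$sharedModel` value is a placeholder assumption; read the real string from the inventory output.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2013 or later).

# Step 1: inventory the identity each mobile device partnership reports.
# Clients that share a common identifier collapse into a single group here,
# regardless of platform, hardware or app version.
$devices = Get-MobileDevice -ResultSize Unlimited

$devices |
    Group-Object DeviceType, DeviceModel, DeviceOS |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Step 2: choose the shared identifier from the output above.
# Placeholder only; this is not a value taken from the article.
$sharedModel = '<DeviceModel string shown in step 1>'

# List every partnership a rule on that identifier would catch, so the
# blast radius is known before anything is enforced.
$affected = $devices | Where-Object { $_.DeviceModel -eq $sharedModel }
$affected |
    Select-Object UserDisplayName, DeviceId, DeviceOS, DeviceUserAgent, FirstSyncTime |
    Format-Table -AutoSize

# Step 3: preview the rule. Because the rule matches on one characteristic
# string, it applies to all matching clients at once; it cannot single out
# a platform or a minimum app version that the client does not report.
# -WhatIf shows the change without making it.
New-ActiveSyncDeviceAccessRule `
    -Characteristic DeviceModel `
    -QueryString $sharedModel `
    -AccessLevel Quarantine `
    -WhatIf
```

Quarantine rather than Block keeps the affected devices visible to administrators for review while still withholding mailbox access.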

There are good technical reasons why the Outlook apps continue to identify themselves the way that they do. When Acompli created the current connection scheme that uses ActiveSync to harvest information from user mailboxes before it is manipulated and held in a repository that currently runs on Amazon Web Services and then pushed to devices, it must have seemed like an elegant and effective method of gaining an advantage over any other mobile device that uses ActiveSync. Instead of accepting information as provided by Exchange, Acompli was able to create its focused Inbox and enable a better connection between Inbox and calendar.

That was then, this is now and these apps are now playing in the big leagues. I hope that Microsoft steps up to the plate soon to make sure that every Outlook-powered device that connects to Exchange identifies itself with full information about the software version it's running and a unique device identifier. This will allow administrators to selectively block or allow different versions of the software and force users to upgrade if they want to be allowed to access their corporate mailbox.

It would seem to make sense to improve the identification of mobile devices at the same time that Microsoft moves all the intermediate data processing off Amazon to its own Azure platform. But then again, I'm not a developer.

I was amused to see a reference to IMAP support in Microsoft's announcement. Given its age, it is quite amazing and a little wonderful that IMAP4 has endured quite so long. Whereas ActiveSync is the lingua franca for Exchange connectivity, IMAP4 serves the same purpose for many other email servers. IDLE dates back to June 1997 when RFC 2177 specified IDLE as a method to allow IMAP4 clients to poll servers for new mail. Eighteen years later, IDLE keeps on trucking along...

Although much more remains to be done, it's great to see an update arrive so quickly to reinforce Microsoft's commitment to accelerate the development of the Outlook apps to a state where they are fit for (enterprise) purpose. The old Microsoft that was wedded to highly structured product releases is being dragged kicking and screaming into the world of agile development. It’s only fair to acknowledge that this is happening inside Office 365 too and it's good to see, even if the ever-changing nature of some aspects of "the service" drives me up the wall from time to time.

A nagging doubt persists that this is the kind of work that should have been done before the apps were rebranded as Outlook. People always demand more of a Microsoft app and some clear blue water between the old Acompli versions and the new improved Microsoft editions might have been enough to moderate the firestorm of criticism that erupted when the apps were launched. Then again, the iOS version of the app had clocked up 5,007 ratings the last time I looked with an average rating of 4 (out of 5), so lots of people like what they've got so far.

Follow Tony @12Knocksinna
