Microsoft’s recently introduced new version of Outlook for Windows has raised privacy concerns. As reported by XDA, citing a study, the new Outlook is much more closely integrated with the cloud, which potentially expands Microsoft’s ability to collect user data.
Although the new client offers modern design and generative AI features such as writing assistance and other advanced AI-based options, a study conducted by the German resource Heise calls into question the level of protection of personal information.
After passing standard authentication, users are reportedly presented with a nondescript window asking Microsoft to sync their emails, events, and contacts to the cloud. It turned out that there is no function that allows you to refuse this synchronization and continue using the client, and the information provided officially states that “access to data allows you to search in the user’s mail,” but the boundaries of collecting this data are not disclosed.
Once authorized, Outlook actually transfers the credentials to the Microsoft cloud, which means that all processing, including receiving emails, takes place in the cloud. This was confirmed by testing using a special proxy server, which showed that authentication occurs through Microsoft IP addresses, and not directly through the user’s mail server. This raised the question among experts: is the new Outlook a truly independent email client or is it a “wrapper” for cloud services in its functions?
It turns out that by signing up for forced synchronization with the cloud in Outlook, and also accepting a license agreement that allows the company to collect data to improve its products, users are essentially giving Microsoft unconditional access to all of their email.
This raises many questions about transparency and the conditions under which Microsoft will access the data. The situation is especially critical for corporate users who may accidentally give Microsoft access to their company’s confidential information, thereby violating internal security standards. In addition, this leaked data can be used to train AI models. As XDA notes, “It’s important that consumers and system administrators alike understand the implications of using the new Outlook and protect their privacy in the face of growing cloud control.”