Microsoft added PIN enforcement and multi-factor authentication to its mobile Outlook app. Credit:Microsoft
At the end of 2014, Microsoft bought Acompli, creators of a popular email app that it quickly rebranded as Outlook. The familiar name doubtless drew in more users, but it also gave IT teams a set of expectations about the security and management options a product called Outlook would have.
Given that Acompli's slogan was "Loved by users, and trusted by IT" and that it was the way they were working with enterprise IT departments that caught Microsoft's attention in the first place it seemed a perfect example of the "dual use" strategy CEO Satya Nadella often talks about: Instead of two separate versions of every tool one friendly and easy to use, the other carefully secured and limiting what you can do develop an application that's both powerful and intuitive to users, then let the IT team have enough controls to keep information safe without locking things down so much that people don't want to use it.
But which side of that precarious balance matters most? After decades of giving admins the controls to lock down features, the Outlook app was a clear demonstration that Microsoft was prepared to prioritize the user experience.
Building value, not chaos
That was a shift in priority Jared Spataro, the general manager of Office 365, had warned of at the SharePoint 2014 conference, to explain why anyone could create a group in Yammer. "Our philosophy is we will optimize for the user experience first, to prove value to an end user, and then build IT controls."
Spataro even shared the old Microsoft in-joke that it used to build the switch to turn the feature off before they built the feature, and he insisted it's not doing that now. He insisted they're "not trying to create chaos. It's just if we don't deliver value to end users, no matter how much you like it as an IT pro even if you love it, we have to have people in the business feel like I want this thing; it helps me get my work done'."
Exchange administrators were surprised to discover that the Outlook app was caching Exchange credentials and a month of email messages, contact details, calendar appointments and possibly attachments in the cloud (originally on AWS servers, and although Microsoft promised to shift that to Azure and Office 365 with regional data centres during 2015, it also indicated that the cloud structure was a strategic part of the Outlook architecture they plan to continue). It needs that information to deliver push notifications for new messages, and for features like easy unsubscribe and the "focused inbox" that highlights messages.
Sign up for CIO Asia eNewsletters.