[ad_1]
. July 5, 2018 –
Until now, the function was secret: in the Microsoft Office suite online, administrators can read the user activity of real-time messenger. The previously undocumented interface is only now known.
In Office 365, administrators can create an email activity log using a secret API, as Heise writes in a report. Rumors about the existence of such a feature have existed for some time and have now become public thanks to a report from the security firm Crowdstrike.
Security service providers have long used the so-called API Activities to look for the reasons for hacking email accounts. According to Heise, this is not a security gap in the traditional sense, as it can only be used by administrators with essential rights to email accounts via Office 365. The information is same as an administrator can ask if an internal mail server was running. There are therefore indications on the authors of the messages and on the mails that have been read and the attachments opened. The difference from the normal mail server log is that the log of this web application also lists certain interactions that the user performs in his client.
What deserves to be mentioned about this API is that Microsoft has not documented it anywhere and that it has remained so secretive. Administrators did not know what information they could read. "Heise" at Microsoft has confirmed the existence of the API and also that it is operated by security researchers, but we would advise against the use of this undocumented function. The IT portal quotes a spokesperson for Microsoft: "The API Activities has been designed to support service-to-service communication and we can not guarantee that the data is accurate or complete enough to conduct security. "The question of why Microsoft has not informed its customers has remained unanswered.
(RPG)
Buy Office 365 now!
[ad_2]
Source link
