Request Feature CASB - Control Users use outlook application/web on mobile to send data

What is a one sentence summary of your feature request?

Request a CASB capability to monitor and control users sending sensitive data through Outlook Mobile App and Outlook Web Access on mobile browsers.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

We would like to request a CASB feature that can inspect, monitor, and control outbound emails sent through the Outlook mobile application and Outlook Web Access on mobile browsers.

The main problem is that users may access corporate email from mobile devices, including unmanaged or personal devices, and send sensitive data outside the organization through email body content or attachments. Since endpoint DLP agents may not be available or enforceable on these mobile devices, we need a CASB-based control layer for Microsoft 365 / Exchange Online.

The expected capability should allow administrators to define policies to detect sensitive content, classified files, confidential keywords, PII, or protected labels, and then apply enforcement actions such as block, alert, quarantine, require justification, or allow with logging. This should apply to both Outlook mobile app and Outlook webmail accessed from mobile browsers.

We believe CASB is the best solution because it can provide centralized control for cloud email usage, especially in scenarios where the device is unmanaged, off-network, or does not have an endpoint DLP agent installed. This would help reduce the risk of data leakage while still allowing users to access corporate email securely from mobile devices.

How do you currently solve the challenges you have by not having this feature?

Currently, we do not have any effective solution to address this use case.

Because the activity happens through Outlook Mobile App or Outlook Web Access on mobile devices, especially unmanaged or personal devices, endpoint DLP controls cannot be applied. As a result, we are currently unable to inspect, monitor, or block users from sending sensitive data through these channels in a granular and real-time manner.

This creates a control gap for mobile email usage, and we need a CASB-based capability to properly manage and enforce data protection policies for this scenario.

Hello Phuong,

Thank you for taking the time to submit your feature request and for providing such detailed information. We truly appreciate the effort you put into helping us better understand your requirements and use case.

We fully recognize the importance of CASB capabilities for monitoring and control of users sending sensitive data through the Outlook Mobile App and Outlook Web Access on mobile browsers. Your feedback highlights a valuable security scenario, and we understand why this functionality would be important for you.

At this time, however, implementing this capability would require significant architectural changes that we are unfortunately unable to accommodate within our current development plans. Our mid- to long-term roadmap is already fully committed with existing priorities and strategic initiatives.

That said, we continuously review customer feedback and evolving market needs when evaluating future enhancements. Should an opportunity arise in the future to revisit this area, we would be happy to reassess your request.

We sincerely appreciate your understanding, and we encourage you to continue sharing your suggestions and feedback with us. It helps us improve our product and shape future innovation.

Kind Regards,
Simona