Outlook Flaw Compromises Exchange Online Native Data Protection

A bug in Outlook desktop’s implementation of the MAPI over HTTP protocol allows users whose mailboxes are on hold to remove attachments from messages. The removal is not captured by the copy-on-write feature of Exchange Online Native Data Protection, which potentially compromises the ability of Data Governance managers or eDiscovery investigators to recover information needed for compliance purposes. All in all, it’s a mess that Microsoft needs to clean up quickly.