Email apps that transmit TU Dresden credentials to external servers and store them there are not permitted under the IT regulations of TU Dresden. Transfer of credentials, which is usually not noticed by users, may allow third parties to access other TU Dresden services (e.g. Datashare, Sharepoint, VPN, group folders) in addition to the e-mail account.

The following Email applications are known to to transmit credentials:

• the Outlook app for Android and iOS
• Edison Mail
• Xiaomi Mail
• Spark Mail App
• Outlook for MacOS (when using IMAP with CloudSync)
• the "New Outlook"

If we become aware of any other affected email clients, we will extend the list.

The "New Outlook" or "Outlook (new)" is part of Windows starting with Windows 11 2023H2. This is not the conventional "Outlook" which is known as part of Microsoft Office, but a completely different application with a similar name.

The Windows version of the conventional Outlook from Microsoft Office is not affected by this problem. And the macOS version only when using IMAP and CloudSync.

If you have previously used corresponding e-mail applications, then

• please remove the TUD account from the application and
• please also change the password of your TUD account in the Self-Service Portal https://selfservice.tu-dresden.de/, as the password has already been transmitted to the external company

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General]
"HideNewOutlookToggle"=dword:00000001

(source:https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/enable-disable-employee-access-new-outlook)

You can remove the "New Outlook" with the following Powershell command:

Remove-AppxProvisionedPackage -AllUsers -Online -PackageName (Get-AppxPackage Microsoft.OutlookForWindows).PackageFullName