26
kurtr
2y

My company just migrated our mail servers over to office365. My boss has been excited and could barely contain himself when the migration was done he was having the best day ever after he got a good deal on some new toys...Then I ruined it.

Me (setting up) > WTF!? um...well I guess I don't have email on my phone anymore. These permissions are fucked.
Him > Oh why?
Me > They are ridiculous, I won't give away this much control just to read email.
Him (panicking) > and if buy you a company phone?
Me > Not a fuck it's still a personal device. I'll just sandbox the web version.
Him > Your over reacting, they obviously need them for security blah blah...
Me (sends him the pic) > The minimum system requirement is internet.
(...silence...)

I feel kinda bad for killing his vibe - he's a nice guy and he's only trying to do right by us but now he seems down like his toy isn't shiny anymore because he respects me. I wasn't beating on the stack or his choice (mines running on thunderbird). I just can't support this trend of GOD mode permissions for email / calculator and other single feature apps. I'll use the web app instead. You have to draw the line somewhere...

On the other hand I can't deny that I'm loving the irony that Microsoft just made my life easier and have a deep sense of satisfaction that for the first time ever I got fuck up his Friday :/

Comments
  • 11
    What the fuck kind of permissions request list is that?
  • 8
    @growling Apparently the kind I wouldn't accept if you paid me!
  • 3
    Looks like some blackberry remote wipe uber security level.
    I mean, it makes sense in a corporate world on a corporate device, but not on private devices.
  • 1
    I have the same thing for my Uni email :( and it's on a personal device too
  • 0
    Their web developers must be on another fucking level though - seriously next f#$cking level l33t !

    Would you believe that somehow even with all the permissions the native app NEEDS to work they somehow got the mobile version perfect and it didn't even ask for my location 🤯

    Fucking legends... I wanna be like them when I'm big.
  • 1
    My employer has a similar set of restrictions on email. Fortunately, owa works fine, and mailcal for Android is able to pull from owa.
  • 1
    @bahua nah these arnt his it's just part of the stack. The thing is it's not actually protecting anything - even if we were a big company that held super sensitive data. Big companies already know this - it's just anothet marketing campaign because security is a buzz word.

    Purging data takes longer than you would expect, so much so that by the time they hit the kill switch to wipe the phone. It would already be cloned and sitting in the lost and found. Also if the shit in our in boxes was that important - why is there there a web app that allowes plugins, not mention a pwa that's built to cache and even more importantly why are they injecting ads? Isnt it weird how their imap servers can connect to thunder bird and don't even need sudo?

    If anything it's a threat to security because now an attacker can take thousands of your own devices hostage and even use them to attack you from behind the firewalls and vpn.
    But that hackers already on the servers - he built several back doors before they even realised there was a front door.

    When your phone gets wiped it's not going to be a big scandal. It's will be an overeager junior support tech / she admin I'll.
  • 1
    @kurtr

    Of course. I know it's all theater and meaningless. But I also know that most managers are more taken in by smoke and mirrors than tech skilled people, and Microsoft has some of the best sales people in the world. So until that dynamic dies off, this is what we have to deal with this nonsense. So I was offering a solution.
  • 1
    @bahua I hear you and thank you for advice, and yes your also right because this "security" is one of the reasons my boss was so happy with his choice. Personally I couldn't care where our email is hosted - the most interesting thing to read on that server is the ridiculous bug reports i get.

    I'm more concerned about the small business were paying that maintains the product Microsoft marketed the he'll out of. The poor kid that did the migration sounded like it was his first day on the job. Now I wouldn't want him for example to have a direct kill switch for my devices because in reality it's more likely to be hit by accident or out of spite than to prevent an attacker neither company is looking for 👌
  • 0
    But basically you're not giving permission to ms, but to your sys admin... And big companies need this shit
  • 1
    If it supports IMAP, just add it to your Gmail app?
  • 1
    @ThomasRedstone he is so concerned about permissions and you suggest gmail app? 😂
  • 0
    @dontbeevil Gmail doesn't give your exchange admin the ability to wipe your phone ;-)
  • 0
    @ThomasRedstone just suggest any other imap mail client but gmail ;)
  • 1
    But its built into Android, and isn't shit ;-)
    If you hate Google, then obviously don't use it
  • 1
    @ThomasRedstone My University has gmail based email domain and it requires similar permissions . I've been using it on Outlook
  • 1
    Holy motherfucker hell that's fucking ridiculous 😶
  • 1
    @Anu-cool-007 damn, just tested it myself and to setup Gmail with my work exchange mail I have to give Gmail those shitty permissions, did not expect that!
  • 0
    @ThomasRedstone so use Gmail on Outlook and O365 on Gmail? nice 🤣
  • 1
    @linuxxx yeah, sounds like there are limited options to get this to work, this may be a good option:
    https://play.google.com/store/apps/...
    It stops the permission being requested in other apps
  • 0
    @ThomasRedstone it's normal, a gmail (or any official client) cannot overcome ypur sys admin exchange permissions settings
Add Comment