Back to Community Threads
7
Future of MAPI and Office Products
Question asked by Jay Dubb - 12/25/2020 at 5:25 PM
Answered
I've read a few articles saying Office 2019 is the last version for which Microsoft will sell perpetual licenses.  Beyond 2019, customers will be pushed into the hosted/subscription model.  Worse, word is they will force-proxy all mail connections, even for non-Microsoft-hosted email accounts, through the MS cloud.  The registry hack we use now (according to some) may be ineffective at preventing that in future hosted products.

I saw the discussion about proxying in an article for the healthcare industry.  Concern is even communications that should never leave the in-house mail system, would be forced to proxy through the MS cloud in upcoming Outlook versions.  This potentially exposes privileged internal communications about patients to a network outside the company.  

First, is there validity in the reports that after 2019, there will be no more perpetual licenses, only subscriptions that are hosted?  

Second, is there validity in the report about forced proxying through the cloud, even for non-Microsoft-hosted mailboxes?

Third, what might that mean for MAPI and SmarterMail?  By force-proxying all connections through their cloud, will that make MAPI in SM obsolete/irrelevant?  The possibility of that really bothers me.

I hate that Microsoft is biting the hands that have fed them so well for decades-- all who have run their hosting businesses on Microsoft products.  Instead of being the provider of our server platforms, they pivoted to become DIRECT COMPETITORS via Azure and are doing so, in part, by undercutting us on pricing (after you factor in what we have to pay under our SPLA contracts).  Antitrust, anyone?

28 Replies

Reply to Thread
2
Sébastien Riccio Replied
12/26/2020 at 1:13 AM
Hello,

I don't know about the switch to subscription based licensing, but I wouldn't be surprised that it happens. It's a long time they (and not only microsoft) heads to software as a rented service (and the need to connect to their cloud) instead of the standard buy the product once and use it the way you like.
This is very annoying.

About the proxying, that is something we've noticed while troubleshooting customer issues on Outlook mobile apps.
While doing IMAP connection troubleshooting we were searching for the customer IP address in our IMAP logs and were not able to find anything.
Instead there was connections from microsoft's network trying to log in as our customer.
So what does it means ?
It means that their apps doesn't connect directly anymore to the service but instead is more like a frontend that connects a backend of their client app that runs on their servers and this is unacceptable.
- What happens if their backend is temp. down, it would add a point of failure and customers would blame us for this as for them they are customers of OUR services.
- What's up with security and encrypted communications. Their backend are connecting to our service with TLS with a secure connection and another secure connection is established between their backend and the application. Ok well but isn't this a man in the middle attack ? They have access to the clear text data stream, also to the creditentials, etc. Unacceptable again.
- Also how then you keep some control of IP based whitelisting/blacklisting/ratelimits if everything gets proxied through their cloud

So at the moment it seems the mobile versions of outlook are working like this. I've heard the new outlook for mac version will also be like this as they tend to want to use the same engine for all.

We were in a hurry so I had not the time to dig deeper and "wireshark" communications client and server side to study better the story, but it's really worrying.

Kind regards.
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Jay Dubb Replied
12/27/2020 at 6:38 AM
If it wasn't for Outlook, I know several businessowners who would immediately switch away from MS Office to LibreOffice.  I know a few who switched to OpenOffice and Thunderbird for a while, but eventually came back to MS Office due to Thunderbird being an insufficient replacement for Outlook... no to mention the OpenOffice project ending.

While LibreOffice looks/feels more like Office 2010 than 2013-2016-2019 (probably the toolbar ribbon) it's still very functional.  It's Outlook that is the hangup.  It's the reason we haven't switched in our company, and I know other companies in the same predicament.  

It would be really cool if SmarterTools developed their own Outlook alternative-- one that meshed with SmarterMail perfectly, and had ALL the functionality of Outlook... and could also seamlessly talk with Exchange Server for customers who also need that.  Seems like nobody wants to go head-to-head with Outlook.
3
kevind Replied
12/27/2020 at 10:47 AM
The suggestion I've been making for the last few years is to add more desktop functionality to webmail. Make it so good that it eliminates desktop clients like Outlook.
0
echoDreamz Replied
12/27/2020 at 9:47 PM
We have TONS of clients who absolutely despise web-based anything. Myself personally, I too am this way, though it varies depending on what it is.
1
Jay Dubb Replied
12/28/2020 at 9:05 AM
Not to mention, Outlook aggregates many different email accounts from different providers into a single pane of glass, more efficiently than POP retrieval in webmail.  I seriously hate Outlook.  It's bloated, PST files go corrupt for no apparent reason, and I'm sick of having to learn where everything was moved to after each version upgrade... but I need what Outlook does.  I have Exchange Server accounts, POP3 accounts hosted on SmarterMail, POP3 accounts with my ISP, and I even connect to one of my SmarterMail accounts with ActiveSync (Outlook 2016, which I know is discouraged but it works fine).  

Short answer is, Outlook is a necessary evil.  I just wish someone, anyone, would come up with an app that was a serious Outlook replacement.  As much as I'd like to use Thunderbird, it's just not at the level needed to knock Outlook off its throne on corporate desktops.  (notwithstanding all the 3rd party products that use Outlook connectors/integrations, such as ACT, Quickbooks, and countless others)
5
Tim Uzzanti Replied
12/28/2020 at 10:10 AM
Employee Post
All, Here are my thoughts:

1. Outlook isn't going anywhere.
2. MAPI isn't going anywhere.
3. EWS is being used to implement new features to complement MAPI.
4. eM Client is a good alternative to Outlook for Windows and now MacOS. We have a very good relationship with the eM Client team, and they are quick to fix issues. So I'd suggest giving it a try. 

There is one area Microsoft is playing with fire and I think its going to backfire on them in the near future. It is based on their acquisition of Accompli. 

When setting up Outlook for Mobile, Outlook first connects to Microsoft servers and then the Microsoft servers connect to Gmail, Yahoo, SmarterMail, Exchange, Office365, etc. This duplicates all users' emails on Microsoft servers, and we know nothing about what is currently done with those emails at Microsoft. Outlook for Mac has an experimental version that is doing the same thing. This makes it pretty clear where Microsoft is headed. 

Microsoft is doing this to simplify the Microsoft clients moving forward. This means all the protocols and "brains" are on Microsoft servers, connecting to the variety of servers you have configured by protocol, etc. This will give Microsoft access to all users' emails, no matter what servers or services they are using. When companies and users realize this is occurring, this will cause some issues! Microsoft can say this is to help speed up processing of emails, to help integrate other social services like LinkedIn, Git, etc. and provide any other reasoning or logic behind why they're doing it. However, privacy implications of this are just too great to ignore. There will be pushback, there will be people abandoning Outlook, and, will further push people to products and services like SmarterMail so they can "own their own data".

Hope this helps,
Tim Uzzanti CEO SmarterTools Inc. www.smartertools.com
2
Jay Dubb Replied
12/28/2020 at 11:07 AM
This means all the protocols and "brains" are on Microsoft servers, connecting to the variety of servers you have configured by protocol, etc. This will give Microsoft access to all users' emails, no matter what servers or services they are using. When companies and users realize this is occurring, this will cause some issues! Microsoft can say this is to help speed up processing of emails, to help integrate other social services like LinkedIn, Git, etc. and provide any other reasoning or logic behind why they're doing it. However, privacy implications of this are just too great to ignore. There will be pushback, there will be people abandoning Outlook, and, will further push people to products and services like SmarterMail so they can "own their own data".
^^^^^^  THIS, exactly  ^^^^^^^

Any time you send a non-Microsoft password to Microsoft, you are implicitly trusting them to do ONLY the right thing and pass it through.  AND you are trusting their employees to behave.  AND you are trusting them to NOT get hacked.

Think what happens if a threat actor gets access to the Microsoft cloud, and is therefore the man-in-the-middle for every email transaction, public and private.  Think about the HUGE attack via SolarWinds, currently ongoing.  Some of the biggest/best networks are totally compromised, undetected for months.  Imagine a blackhat getting 100's of millions of email passwords for HIGH VALUE targets, like corporate executives, military leaders, kings, and anyone else using Outlook that force-proxies through the cloud.  

In that instance, we are not talking JUST the Microsoft hosted emails being compromised.  We're talking every email account, both public and private, that is configured in Outlook-- even private messages that should never have left the internal corporate network, but were force-routed through Microsoft first.

Talk about your nightmare scenarios!!!
 
5
Tim Uzzanti Replied
12/28/2020 at 1:38 PM
Employee Post Marked As Answer
Jay,

You are seeing the risks very clearly!  

The SolarWinds and the Microsoft authentication issues that compromised so many government servers and companies should cause Microsoft to re-think their approach.
Tim Uzzanti CEO SmarterTools Inc. www.smartertools.com
1
Jay Dubb Replied
12/29/2020 at 7:27 AM
Tim Uzzanti wrote:  The SolarWinds and the Microsoft authentication issues that compromised so many government servers and companies should cause Microsoft to re-think their approach. 
100% agree.  But will Microsoft's arrogance and dreams of cloud-based domination allow them to see the trees (liability) in despite the forest (absolute control over email)?  Hmm.

They've seen the iron-fisted control Apple has over its users and devices, and clearly they want the same for themselves.  The notion of making everything "easy" to integrate in the cloud is just an excuse, to bait people into thinking it's a "good" idea.  

I'm fighting a similar battle with single-sign-on (SSO) where the C-suite wants to expose our Active Directory publicly so all the cloud services we subscribe to can authenticate against it, for sake of user convenience.  I have several arguments against it, none the least of which is, if someone's Windows (AD) password is compromised, the blackhats can (theoretically) access every single cloud service to which the company subscribes, until the password exposure is discovered and changed.  I'm a firm believer in different credentials for each service.  SSO completely negates that safety net.  But that's a topic for another thread, I suppose.
0
Ionel Aurelian Rau Replied
1/11/2021 at 4:50 AM
Can you please post here some source for the information on Outlook proxying emails through their cloud or anything like that?
We`d like to investigate this further and cannot really find any articles on this matter.
Thank you!
2
Seph Parshall Replied
1/11/2021 at 9:02 AM
Microsoft plans to get rid of desktop Outlook apps in favor of unified web app
1
echodreamz Replied
1/12/2021 at 12:05 AM
Will see, a ton of people from what I've seen on Reddit, Microsoft's forums and other places hate this PWA idea.
0
Ionel Aurelian Rau Replied
1/12/2021 at 7:55 AM
Thanks for link Seph. We`re very curious how this will actually turn out.
2
Sébastien Riccio Replied
1/12/2021 at 8:50 AM
For outlook apps proxying through their cloud, it seems it was already the case since 2015:

We really don't like this
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Jay Dubb Replied
1/12/2021 at 3:18 PM
There's a registry patch to force Outlook to expose the additional server settings we've customarily had, so that helps a little.  But we can expect that to go away with the non-desktop versions being forced on us.
 
0
Ionel Aurelian Rau Replied
1/13/2021 at 1:38 AM
With regards to the Outlook for Android/iOS, I understand MS has made some changes in 2019: https://mspoweruser.com/great-news-outlook-mobile-no-longer-stores-your-credentials-on-microsofts-servers/
I wonder, is it still the case the Outlook for Android/iOS proxies the connection to 3rd party servers (e.g. SmarterMail) though the Microsoft cloud?
4
kevind Replied
1/18/2021 at 3:00 PM
Guessing everyone got the email from SmarterTools last week on The Demise of IE and Where Browsers are Headed. Here's one paragraph of the blog post:

Then there is the direction of the web: the improvements in web technologies, the development and implementation of new platforms and frameworks, and everything that goes along with it: Web Assmbly and Progressive Web Apps are basically websites that act like applications – they use web technologies but install like applications; ... Then there is the maturation and “mutation” of the building blocks of the web, like JavaScript, PHP, Ruby and more. Each of these technologies continue to grow, improve and transform as the web continues its own growth as an integral part of everyday life.
This supports enhancing webmail with less emphasis on Outlook. Sounds good as it solves the security issues of "One Outlook" discussed above. Why not build a web interface that's as good as Outlook? 
1
echoDreamz Replied
1/19/2021 at 4:09 AM
Glad to see IE is dying finally. Though, doesn’t change my dislike for using web over a dedicated true native app. With that said, a SM PWA app that integrates into notifications and runs much like an app does would be beneficial to some. 
4
Joe Davis Replied
2/10/2021 at 11:10 AM
Tim's suggestion to use eM Client is spot on. We experimented with it for years but last year we were able to completely leave Outlook behind for our own company. It works very very well with Smarter Mail via EWS. Has a ton of features, many that Outlook doesn't have or are implemented better than Outlook. Now that we're familiar with it enough to support it, we've begun recommending it to our clients. Some are stubborn and won't leave Outlook behind (I've been using Outlook since Windows 3.1 days so I get it), others have embraced eM Client and are happy to do so; even when they still use the rest of the Office suite.

Do yourselves a favor and give eM Client a serious look.
3
echoDreamz Replied
2/10/2021 at 1:30 PM
em Client is legit. +1 for my support on it too :)
0
I love emClient too! I think it's better than Outlook in many cases.

But still it is always very difficult to convince customers to abandon Outlook (sometimes also because they have integrations with their business software, and in these cases I understand them ...).
Gabriele Maoret - Head of SysAdmins and CISO at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
1
Jay Dubb Replied
2/17/2021 at 9:37 AM
Yeah, the software integrations have been a real stumbling block for us, in weaning our customers off Outlook.  There are so many line-of-business apps that integrate specifically with Outlook, it would prevent a lot of folks from switching even if they wanted to.  Losing that automation would set them back years, insofar as convenience and efficiency.  

We're just as stuck here, running apps that rely specifically on Outlook... and believe me, we have grown to really HATE Outlook.
0
Seph Parshall Replied
2/17/2021 at 10:21 AM
I've been testing EM Client for over a month now to prepare recommending it to clients and migrating them. But the search for a word in body of emails does not work at all for me. It is my only stumbling block. It's straight forward to use but does nothing for me. It just lists 100 emails each time. Can't figure it out. Any ideas? Search for Sender & Subject work fine. Using it with Exchange Web Services to my SmarterMail account.
0
Derek Curtis Replied
2/18/2021 at 2:54 PM
Employee Post
Just wanted to drop this in here as we talk a bit more about the direction of Outlook, Exchange and Microsoft in our latest blog post..


As for eM Client -- I agree that it's one of the best alternatives to Outlook out there, and the devs are extremely responsive! We've worked with them off and on for several years and they're always willing to help and answer questions. Great group of people!
Derek Curtis COO SmarterTools Inc. www.smartertools.com
0
Sébastien Riccio Replied
2/18/2021 at 3:30 PM
Thanks for the blog article Derek.

In addition to standardizing licensing, Microsoft is standardizing how Outlook connects to Exchange. Rather than a range of different syncing technologies, they are transitioning to using the Microsoft Sync Technology (MST), which will be used by all versions of Outlook across all platforms
So what does this means for all the efforts put into integrating MAPI and the others protocols (EAS/EWS). Will the new Outlook clients supports them or be only using MST.

For On-premise installation of exchange-like mail servers, are we heading back to using standards non-proprietary protocols like IMAP/SMTP/CalDAV/CardDAV ?

Kind regards.
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Derek Curtis Replied
2/18/2021 at 4:56 PM
Employee Post
All that is changing is Microsoft wants to put their Microsoft Cloud servers between your Microsoft Outlook client (desktop or mobile) and your actual mail server or mail service.

Microsoft Cloud servers will still be using all the same protocols (EAS, EWS, MAPI) to communicate to SmarterMail or some other service. The Microsoft Outlook client itself will then communicate with Microsoft Cloud servers using MST.

If you use a mail server that only supports IMAP / SMTP, you can still expect lessor capabilities in Microsoft Outlook because Microsoft Cloud servers will be limited and that will flow upstream.

Having these servers in the middle of all this, and having to use these servers for sending/receiving email will be a real nightmare. For example, there's issues now with sending mail using Outlook mobile that's affecting a ton of people regardless of the mail server or service they're using. More information on that can be found in this thread: 
Derek Curtis COO SmarterTools Inc. www.smartertools.com
0
Mike Mulhern Replied
2/19/2021 at 8:14 AM
Anyone have experience with eM Client's email address auto-complete feature?  Is it on par with Outlook where most frequently emailed addresses come up first?
1
Hi Mike.

EM Client auto-complete is far better than Outlook, because it uses the AddressBook for autocomplete, while Outlook doesn't use it.
Gabriele Maoret - Head of SysAdmins and CISO at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
Back to Community Threads

Reply to Thread

Enter the verification text

Related Knowledge Base Articles

Set Up a MAPI Account in Outlook 2016 and Above for WindowsSmarterMail > Desktop and Mobile Synchronization
How to Thoroughly Replace Your MAPI AccountSmarterMail > Troubleshooting
Overview of EAS vs. MAPI & EWS vs. IMAPSmarterMail > Desktop and Mobile Synchronization
Migrate an Account From Another Service into SmarterMailSmarterMail > Domain/User Configuration and Management
Maintenance and Support - Renewal / ReinstatementGeneral Topics