
🚀 Overview
This technical advisory concerns a privacy-related bug identified in the “New Outlook for Mac” interface. Under specific conditions, users within an organization may be able to view the full details of calendar appointments marked as “Private,” even when they have not been granted the explicit rights to see such sensitive information. This behavior compromises the standard privacy boundaries expected in shared calendar environments and is specifically linked to a range of production builds of the Microsoft 365 for Mac client.
⚙️ Key Technical Details
The following technical parameters define the scope of this issue:
- Affected Application: This bug is exclusively found in the New Outlook for Mac experience. Legacy Outlook for Mac and other platforms are not cited as part of this specific behavior.
- Version Range: The vulnerability is present in Outlook for Mac versions 16.60 through 16.69 (inclusive).
- Sharing Configuration: The issue occurs when a calendar owner (User A) shares their calendar with the entire organization using either of the following permission levels:
  - Can view all details
  - Can edit
- Nature of the Fault: The disclosure of private event details (including Subject, Location, Attendees, and Description) is intermittent. This means it may not occur every time the shared calendar is viewed, making it a subtle but significant privacy risk.
- Authorized Exceptions: It is important to note that this does not affect Mailbox Delegates who have been officially granted the “Delegate can see my private items” permission; their access remains governed by standard Exchange permission logic.
⚠️ Impact
For IT Administrators and Security Officers, this issue represents a breakdown in data isolation and user privacy. When a user marks an event as “Private,” the expected behavior is that any shared user—regardless of whether they have “Full Details” or “Editor” access—should only see the item as a “Private Appointment” without further metadata.
In affected environments, the “New Outlook” client fails to properly filter these private metadata fields, potentially exposing confidential business meetings or personal appointments to the wider organization. This can lead to internal compliance concerns and a loss of user trust in calendar privacy features.
🛡️ Resolution
To resolve this issue and restore proper privacy filtering, IT Administrators must ensure that all managed Mac endpoints are updated to a supported build. Microsoft addressed this behavior in the 16.69.1 release.
- Required Action: Update Outlook for Mac to version 16.69.1 or a more recent build.
- Deployment: Use your MDM (Mobile Device Management) solution or Microsoft AutoUpdate (MAU) to push the latest cumulative updates for Office for Mac.
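
An added example (not part of the Microsoft advisory or any Microsoft tooling): a POSIX shell check that classifies an Outlook for Mac version against the affected range and fixed build stated above. The install path, the use of `CFBundleShortVersionString` as the version source, and the `--local` switch are assumptions; the check does not tell whether the New Outlook interface is enabled.

```shell
#!/bin/sh
# Added example: classify an Outlook for Mac version against the advisory's
# affected range (16.60 through 16.69) and fixed build (16.69.1).

# Assumed default install path; override via the OUTLOOK_APP variable.
OUTLOOK_APP="${OUTLOOK_APP:-/Applications/Microsoft Outlook.app}"

# ver_lt A B: succeeds if dotted version A < B. Fields are compared
# numerically; missing fields count as 0, so 16.69 equals 16.69.0.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# classify_outlook_version VERSION prints one of:
#   affected     16.60 <= VERSION < 16.69.1
#   fixed        VERSION >= 16.69.1
#   below-range  VERSION < 16.60 (not listed in the advisory)
#   unknown      not a dotted numeric version (or app not found)
classify_outlook_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if ver_lt "$1" 16.60; then echo below-range
    elif ver_lt "$1" 16.69.1; then echo affected
    else echo fixed
    fi
}

# Reads the version from the app bundle (macOS only).
installed_outlook_version() {
    defaults read "$OUTLOOK_APP/Contents/Info" CFBundleShortVersionString 2>/dev/null
}

# Endpoint check runs only when requested, e.g. from an MDM script.
if [ "${1:-}" = "--local" ]; then
    v=$(installed_outlook_version) || v=
    echo "Outlook ${v:-not found}: $(classify_outlook_version "$v")"
fi
```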
