I just wanted to know if I can disable MAPI in outlook 365 in order to prevent the cyber attack using ruler/MAPI? If I disable the MAPI, will the clients email flows be affected ? or Is there any business impact if I disable the MAPI?
Also, some sort of suggestions to prevent the ruler/MAPI attack would be much appreciated.
Thanks,
Praba
No, MAPI is the native API for Outlook. It cannot be disabled.
Outlook is built on top of Extended MAPI subsystems and if you disable them you will not be able to use Outlook at all. It is like if you disable Windows API - any application will not be run on Windows.
Related
There used to be an option when setting Out Of Office to prevent automatic replies for mail addressed to groups. It no longer appears to be available in Notes 10/11 Does anyone know how to achieve this functionality, it seems quite a basic requirement so I feel I am missing something?
Many thanks.
As it was in Notes 7.
I have code which will send email when done through a button click.
I have scheduled the same code to run periodically through Task Scheduler. The mail gets in draft stage.
Issue 1: if I use .Send, there is a security pop up with allow or deny options
Issue 2: to avoid the above pop up, I used .Display, wait for the application and sendkeys --> this is working when run through button click but when run through scheduler the email stays in draft stage.
Issue 1 : if I use .send in mail, it ask for a security pop up with allow or deny option
This is a standard security prompt in Outlook. "Security" in this context refers to the so-called "object model guard" that triggers security prompts and blocks access to certain features in an effort to prevent malicious programs from harvesting email addresses from Outlook data and using Outlook to propagate viruses and spam. These prompts cannot simply be turned off, except in Outlook 2007 with an anti-virus application running. This page discusses strategies for avoiding security prompts.
Issue 2 : to avoid the above pop up, I have used .display, wait for the application and sendkeys -->
All current versions of Microsoft Office were designed, tested, and configured to run as end-user products on a client workstation. They assume an interactive desktop and user profile. They do not provide the level of reentrancy or security that is necessary to meet the needs of server-side components that are designed to run unattended.
Microsoft does not currently recommend, and does not support, Automation of Microsoft Office applications from any unattended, non-interactive client application or component (including ASP, ASP.NET, DCOM, and NT Services), because Office may exhibit unstable behavior and/or deadlock when Office is run in this environment.
If you are building a solution that runs in a server-side context, you should try to use components that have been made safe for unattended execution. Or, you should try to find alternatives that allow at least part of the code to run client-side. If you use an Office application from a server-side solution, the application will lack many of the necessary capabilities to run successfully. Additionally, you will be taking risks with the stability of your overall solution. Read more about that in the Considerations for server-side Automation of Office article.
As a possible workaround, you may use a low-level API which doesn't trigger security prompts - Extended MAPI. Or just any wrappers around this API such as Redemption. It allows bridging both issues.
I'm not even sure if it's possible at all. Earlier, I've been designing addons to Outlook and Excel (using VSTO and VBA). Now, my company got into this Office 365 thinking and we have all our environment online, no local software at all, strictly and only web client approach.
It's got its advantages. But the downside is that out support have no clue how it works (except to tell us to click the settings and look for options, sigh). So, I wonder if it's possible to develop and somehow upload my own customizations (NB we have no servers in the cloud - everything is provided on SAS basis).
Suppose I'd like to:
mark all emails from a certain sender with yellow background in the list in Outlook, or
highlight every occurrence of the word "donkey" in the text mass in Word.
Is it doable at all?
I've googled for it but all I can see is that there's an API and that we need to runt the stuff on our own servers. Am I just confusing myself here?
First of all, if you have O365 subscription, you actually still have the ability to download all desktop version of Office. So your existing customizations should still work on Desktop version of Office.
Second,check out Office Add-in on dev.office.com. Office Add-ins extend the functionality of Office with a web app that lives within Office applications. They work similar to traditional VBA add-ons and we have a rich set of API that helps you interact with Office. This is basically a web app with JavaScript, HTML and CSS. You can build it with any tools you are familiar with and host it anywhere. It is really easy to build and let us know if you have more questions.
Thanks,
Sky
Your best bet for highlighting messages from specific senders would be to use the Outlook REST APIs to access the messages and either stamp a specific category color on the messages, or a flag to highlight the message in the list view. That approach would work across both Web, Outlook, and even Mobile (if you use flags). The new Outlook add-in model is powerful and works for Outlook on the Web, as well as Outlook on Windows, but doesn't allow you to update the colors of the list view add-ins.
I am currently using Microsoft Outlook 2013 and Access 2013. When I upgraded to 2013, there was a security update that doesn't allow the SendObject method in Visual Basic. It's not allowing me to send emails from my program in Access.
Is there a way around this security update?
There was no such security updates. Most probably you are talking about the standard security prompt in Outlook. See Outlook "Object Model Guard" Security Issues for Developers for possible options.
I'd recommend using the Outlook Security Manager component which allows to supress such prompts or avoid errors in the code.
Is there any other way to get rid of this outlook security message? "A program is trying to automatically send e-mail on your behalf ... and so on" and it gives me an option to select Yes , No & Help.
Im currently developing an outlook automation app using Ms Access. Everytime I issue Send command this message popups, I tried using SendKeys "%s" but it does not work in Access 2007.
Is there any alternative solution for this? Thanks!!
You may wish to consider Outlook Redemption
From the blurb:
Outlook Redemption works around limitations imposed by the Outlook Security Patch and Service Pack 2 of MS Office 98/2000 and Office 2002/2003/2007 (which include Security Patch) plus provides a number of objects and functions to work with properties and functionality not exposed through the Outlook object model.
Microsoft doesn't want scripts to be able to send email without the user's consent. According to KB 263084, you can do one of the following (which avoid the scriptable interface or configure the system to supress the message):
change some Exchange Server settings
use CDO
Use Extended MAPI
use a COM add-in
I don't think any of the programming solutions is particularly simple, and applying changes to Exchange might not be a solution for you (especially if your application is supposed to work with Outlook clients that aren't in an Exchange environment, of course).
You can avoid this by relaying the message directly to an SMTP server, rather than using Outlook to relay the message. The security warning is there to stop people like you from sending messages from my account without my knowledge. Although you have good intentions, what you are writing is essentially virus-like (imagine if you could do this without the security prompt - spam-heaven!)
If you don't want to use Redemption (others already adviced so I think you don't), you have another option that I can assure will be a lot more painful to implement.
Basically what you will need to do is to create an Add-In instead an external program. The Add-In is able to do whatever you want to Outlook, without getting those messages.
You can probably make the Add-In act like a simple server - do things you want by receiving commands from the outside world (in case you can't do whatever you need to do from within Outlook).
Maybe you can lift a WCF service (IPC or Inter Process Communication, that works like a shared memory between two processes).
Please note however that you will probably be better if you just use Redemption or just an Add-In.
Connecting Outlook with external process is a pain and it get's worse by the fact that the Outlook classes are not serializable. So basically you will need to do add Data Transport Objects for each and every class you need to access through your app.
Maybe if you resolve this one it will be a bit easier to implement but it is still a challenge.