What does 'Microsoft Office Defense in Depth update' really mean?
There’s a series of August 2018 patches under the broad heading ‘Microsoft Office Defense in Depth update’ which seems to be obscure important changes in Outlook 2010 through 2016.
ADV180021 is called “Microsoft Office Defense in Depth Update” and “Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure.”
All that tells us nothing, ‘defense in depth’ sounds impressive but little else.
Outlook 2016 change
In fact, there’s an important change for Outlook 2016 / Outlook 365 users.
If you’re making a digitally signed, rights-protected, or encrypted email message, now you can’t add cloud files as attachments to the email.
The workaround is to make a copy of the cloud-stored file then email the copy.
Scroll down the page to see there are updates for Outlook 2010, 2013, 2016 and Outlook 2016 for Office 365 users (click to run).
What do those updates do or fix?
It depends. In Outlook 2010 it only fixes this problem
Dynamics CRM functionality is blocked unless you enable all roaming folder homepages by using the EnableRoamingFolderHomepages registry key that is documented in the following article:
Microsoft Dynamics 365 for Outlook is unable to render webpages after installing the October 2017 Microsoft Outlook security update
But in Outlook 2016 it covers that CRM issue plus a lot more problems, both security and non-security. It also introduces a new phrase to the Microsoft dictionary: cloudy attachments.
- “With this update installed, Microsoft Outlook 2016 restricts users from adding cloud files as attachments to digitally signed, rights-protected, or encrypted email messages. If you try to send such email messages, the email messages can’t be sent, and a dialog box notifies you why it can’t be sent. In this case, you would have to remove the attachments or attach the cloud files as a copy.
- Add translations in all languages for Outlook 2016 update that restrict the user from adding cloudy attachments to digitally signed, rights protected, or encrypted messages. (This is related to that issue that is described in the previous bullet.)
- This update improves translations of first, middle and last names labels in French to make sure that the meaning is accurate.
- This update fixes a potential crash in third-party MAPI applications.
- Outlook 2016 may still start in Offline mode even though you set it to start in Online mode.
- Assume that you sign in to Outlook 2016 by using an account that doesn’t use the modern authentication in Windows 10. The Security Support Provider Interface (SSPI) authentication prompt will sometimes appear behind other windows, and it is inaccessible by keyboard. See KB 4032226for more information.
- Add translations in all languages for the client fix that addresses an issue where the authentication prompt would sometimes appear behind other windows and may be inaccessible to the user. (This is related to the issue that is described in the previous bullet.) “