Client Overview

Our client, an international financial services organization, had to manage highly confidential communication across global teams. The recent implementation of Microsoft Azure Information Protection (AIP) has empowered them to elevate data governance by avoiding mislabeling in emails and attachments. The company works within a highly regulated environment where interdepartmental and external data exchange requires proper and consistent labeling to avoid compliance risks and data breaches.

Challenge

As the client continued to scale the AIP deployment, manual label selection often resulted in errors: internal emails were sent with external labels, revealing sensitive information, or overly restrictive labels hindered the free flow of information across departments. Existing tools lacked proactive validation at send time, resulting in post-send audits, compliance violations, and delays in sending messages. The client was therefore looking for a new solution for Outlook Desktop and Web (Exchange email account) that could scan recipients (To/Cc/Bcc) and attachments according to custom AIP labels, such as "internal default," "interdepartmental," and "external," and prompt users intuitively while maintaining SOC II compliance and keeping user inconvenience to a minimum.

Main Objectives

To mitigate the client's compliance concerns and enhance accuracy in email labeling, the objectives set out were:

  • Implement Level 1 (basic confirmation) and Level 2 (recipient-based verification) to block submissions when labels don't match, preserving drafts for revision.
  • Provide compatibility with New Outlook Desktop and Web, using Microsoft Graph API for recipient/attachment checks.
  • Create clear pop-ups with instructions for users (e.g., "Check the label for external recipients") and maintain an audit log.
  • Conduct a feasibility study, propose an architecture, and estimate costs/timelines for both layers, identifying dependencies such as API AIP limitations.

About the Project

We designed an Outlook add-in for new versions of Outlook Desktop and Outlook Web with deep integration with AIP to check the labels for recipients and attachments before sending. The solution was released within two months and supported enterprise deployment through the Microsoft 365 admin center, with a focus on ease of use for non-technical users. The project included a feasibility study, the creation of an MVP, and a security audit, which resulted in a scalable tool that guaranteed compliance with AIP policies without disrupting workflows.

  • Region: Germany
  • Industry: Financial Services
  • Timeline: 2 months

Solution

The final product represented a comprehensive add-in with a phased implementation: feasibility study first, then MVP for Level 1, and full rollout for Level 2. The tool was triggered by clicking the "Submit" button, performing a scan through the Graph API without any external data storage.

Validation Workflow

  • Trigger & Level 1 (Basic Confirmation): Whenever a user clicked the "Send" button, a pop-up appeared asking if the user had selected the correct label for the email. Choosing "Yes" sent the email; choosing "No" saved it as a draft.
  • Level 2 (Recipient-Based): The system checked the "To," "Cc," and "Bcc" domains and attachments against the criteria selected for the label applied, such as "For Internal Use Only" for the default label. If there was a mismatch, for instance, with an external recipient for a departmental label, the send was blocked with the message, "Some recipients/attachments do not match the label criteria. Review and correct." The details were logged for administrator review.
  • Edge Processing: Unsupported attachments were flagged for manual review and integrated with AIP for auto-suggestions of labels.
  • Security Features: The add-in was compatible with the on-premises platform, SOC II verified, and GDPR compliant with role-based access and encrypted logs.
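
The Level 2 check described above comes down to a fail-closed comparison of recipient domains and attachment types against the applied label. The sketch below is an added illustration, not the client's or the vendor's code: the label names are the page's, while the policy table, the corp.example domain, the scannable file types and the validateSend name are assumptions.

```javascript
// Added example. Label names come from the page; every rule and value below
// is a constructed assumption, not the client's configuration.
const POLICY = {
  "internal default": { allowExternal: false },
  "interdepartmental": { allowExternal: false },
  "external": { allowExternal: true },
};
const INTERNAL_DOMAINS = ["corp.example"];                        // constructed
const SCANNABLE_TYPES = new Set(["docx", "xlsx", "pptx", "pdf"]); // assumed

// Expects bare SMTP addresses; anything unparseable yields null.
function domainOf(address) {
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) return null;
  return address.slice(at + 1).trim().toLowerCase();
}

// Match on a dot boundary so "notcorp.example" is not treated as internal.
function isInternal(domain) {
  return INTERNAL_DOMAINS.some((d) => domain === d || domain.endsWith("." + d));
}

function validateSend({ label, to = [], cc = [], bcc = [], attachments = [] }) {
  const rule = POLICY[label];
  if (!rule) {
    // Fail closed: an unlabeled or unknown label never sends silently.
    return { allow: false, reason: "unknown-label", offenders: [], manualReview: [] };
  }
  const offenders = [];
  for (const [field, list] of [["to", to], ["cc", cc], ["bcc", bcc]]) {
    for (const address of list) {
      const domain = domainOf(address);
      // Fail closed: an address that cannot be parsed counts as external.
      const external = domain === null || !isInternal(domain);
      if (external && !rule.allowExternal) offenders.push({ field, address });
    }
  }
  // Attachments the scanner cannot read go to manual review instead of passing.
  const manualReview = attachments.filter(
    (name) => !SCANNABLE_TYPES.has(name.split(".").pop().toLowerCase())
  );
  const allow = offenders.length === 0 && manualReview.length === 0;
  const reason = allow ? "ok"
    : offenders.length ? "recipient-mismatch" : "attachment-review";
  // offenders and manualReview are what an audit-log entry would record.
  return { allow, reason, offenders, manualReview };
}
```

In an Outlook on-send handler, the returned allow flag is the value that would decide whether the send proceeds or the draft is kept for revision.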

Deployment & Architecture

  • Central deployment via Microsoft 365
  • Architecture used Graph API for real-time queries and Azure Functions for lightweight processing
  • Dependencies: AIP licensing, Graph permissions
  • Limitations: Web version API caps (mitigated by batching), available only with the Exchange email account.

Technology Stack

The solution was built using a modern Microsoft-based tech stack comprising the following components:

  • Core Framework: Microsoft Office Add-ins (Office JS API) for Outlook integration.
  • Frontend/UI: React for pop-up interfaces and workflow screens.
  • Backend: Node.js/Express for validation logic; Azure Functions for serverless processing.
  • Database: Azure Cosmos DB for audit logs and configurations.
  • Deployment: Microsoft 365 Admin Center; CI/CD with Azure DevOps.

Results

As a result, we achieved all our goals, with the delivered solution bringing quantifiable improvements in the communications processes of our client.

  • Efficiency Gains: The average send time was reduced by 25% thanks to intuitive prompts, with 85% user adoption achieved within 2 months.
  • Scalability: Over 50,000 emails per day were processed, while the audit logs gave visibility for proactive policy changes that freed up over 200 hours of reviews per month.

Core Team

  • Project Manager: Coordinated timelines and client feedback loops.
  • Full-Stack Developer: Handled Office JS and Graph API integrations.
  • Frontend Developer: Designed user-friendly pop-ups and workflows.
