I have a question regarding the security of accessing my work’s network of OneDrive and Exchange on my private computer. I’m just a hobbyist, not someone with an IT background, although I’ve learned a lot in the past few years. Nonetheless, mostly I just make do with fiddling around by looking at guides that inform me on improving my setup. But in this case, I really want to make sure I’ve not created a security flaw.
The situation is as follows. I have a work laptop with Windows which is using Onedrive and Teams and Outlook and Exchange. Most of my work consists of Outlook, Teams, Word, and browsing. The whole system is locked down, we can’t install anything, even a lot of browser addons are blacklisted and only a few are allowed. We are allowed to access mail, contacts and calendar (via Exchange) on private hardware like phones and computers.
I’ve been using Linux for a few years as my little revolt against Big Tech and it was increasingly bothering me that while I did everything on Linux in my own time, I spent so much time in Windows doing things I could easily do in Linux. The lack of control and privacy also annoyed me. I have in the past looked at adding Onedrive like I’ve added my Nextcloud, but that seemed like a hassle back then: either paid options, or “complicated” terminal tools. Onedrive was the major issue, since I lacked a syncing tool for my documents if that didn’t work on Linux.
However, when I looked again this week, I stumbled upon Onedrive by Abraunegg and was up for a little challenge. I usually limit myself to GUI stuff, but have done some stuff in the terminal now and then. I managed to get it all up and running and it works like a charm.
So I created a new user on my private laptop, to limit work apps. Installed the Onedrive client, Teams, added my mail to Evolution, Thunderbird and Geary (but found it impossible, or at least I didn´t see how, to see my colleagues calendars to make appointments) so I made Outlook with Nativefier. And in this current setup I can do about 95% of my work in Linux.
But then I started to wonder. Am I being a security risk with this setup for our company? Since Exchange is already allowed and easy to setup and the Onedrive client is working via the API in https, I thought I should be fine. But still I wanted to make sure.
I’m very curious what you guys think!