Microsoft Exchange Online (EXO)

This page is only available in English.

The following list shows all approved and requested mail apps for Exchange Online.

The permissions and privacy policies of each requested mail app are checked. If app permissions are too extensive or data is not handled in accordance with ETH guidelines due to the privacy policy, the Cloud Service Center reserves the right not to approve mail apps.

Mail apps are generally approved, i.e., there is no self-registration.

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Mail-App	Initial Requester	Approver / Rejecter	Status	Permissions	Date	Notes	Link to Privacy Policy	App-ID
FastMail	Christian Holz	Jabbes Kerim (ID)	OPEN	IMAP.AccessAsUser.All SMTP.Send	20 Oct 2025	Datenstandort: Fastmail betreibt seine Server ausschliesslich in Australien (Sydney, Melbourne). Quelle: Fastmail DPA Annex 2 – Data Location Kein Angemessenheitsbeschluss: Australien hat keinen Angemessenheitsbeschluss nach EU-DSGVO oder CH-DSG. Fehlende Standardvertragsklauseln für EU/CH-Transfers: Fastmail verweist zwar auf ein DPA, nennt aber keine implementierten EU-Standardvertragsklauseln (SCCs) für Datenübermittlungen aus der EU oder Schweiz. Quelle: Fastmail DPA Unklare Drittlandübermittlungen: Laut DPA darf Fastmail Kundendaten „an jedes Land oder Territorium“ übertragen, wenn es für den Betrieb notwendig ist. Quelle: Fastmail DPA Annex 1
HEY	Huang Yijiang	Dunkl Apon (ID)	APPROVED	Delegated permissions: offline_access Mail.Send	22 Jan 2025	We are compliant with GDPR and you can check out all the details here: https://basecamp.com/about/policies/privacy. Specifically this section: When transferring personal data from the EU The European Data Protection Board (EDPB) has issued guidance that personal data transferred out of the EU must be treated with the same level of protection that is granted under EU privacy law. UK law provides similar safeguards for UK user data that is transferred out of the UK. Accordingly, 37signals has adopted a data processing addendum with Standard Contractual Clauses to help ensure this protection. 37signals’ DPA is available at https://basecamp.com/about/policies/privacy/regulations/basecamp-gdpr-dpa.pdf. There are also a few ad hoc cases where EU personal data may be transferred to the U.S. in connection with 37signals operations, for instance, if an EU user signs up for our newsletter or participates in one of our surveys or buys swag from our company online store. Such transfers are only occasional and data is transferred under the Article 49(1)(b) derogation under GDPR and the UK version of GDPR.	https://37signals.com/policies/privacy
Thunderbird Android	many	Dunkl Apon (ID)	APPROVED	IMAP.AccessAsUser.All SMTP.Send offline_access	20 Nov 2024	Approved, as these are delegated permissions and refer to the same privacy policy as the Thunderbird app for desktop.	https://www.mozilla.org/en-US/privacy/	e6f8716e-299d-4ed9-bbf3-453f192f44e5
Thunderbird with Owl	Piendl Thomas (ID)	Dunkl Apon (ID)	APPROVED	offline_access EWS.AccessAsUser.All	02 May 2024	Thunderbird Add-On	Gebaut wird das Plugin von Beonex in D: https://www.beonex.com/owl/ Datenschutzerklärung: https://www.beonex.com/owl/privacy EULA: https://www.beonex.com/owl/eula	d7fd83df-b1e8-40fa-a2fe-d23c44baa758
Fantastical (Flexibits)	Sievers David (ID) Vermeul Swen (ID)	Dunkl Apon (ID)	APPROVED	offline_access openid profile email Calendars.ReadWrite Calendars.ReadWrite.Shared Tasks.ReadWrite Tasks.ReadWrite.Shared User.ReadBasic.All User.Read People.Read MailboxSettings.Read EWS.AccessAsUser.All	13 Mar 2024	Mac Client	https://flexibits.com/privacy/faq
K-9	Crespo de la Serna Felix (ID)	Dunkl Apon (ID)	APPROVED	IMAP.AccessAsUser.All SMTP.Send offline_access	12 Mar 2024	https://k9mail.app/ Android mail client (developed by Mozilla Thunderbird)	https://k9mail.app/privacy.html
Microsoft Outlook	n.a.	n.a.	APPROVED			MS Outlook is enabled by default.
Thunderbird (Mozillla)	Brosche Michel (ID)	Consani Fabio	APPROVED	offline_access SMTP.Send IMAP.AccessAsUser.All POP.AccessAsUser.All	13 Nov 2023	Good IMAP client available on all OS'es	https://www.mozilla.org/en-US/privacy/
Apple Internet Accounts (Apple)	Brosche Michel (ID) Corti Matteo (ID) Fazzone Dimitrios (ID)	Consani Fabio	APPROVED	offline_access openId EWS.AccessAsUser.All EAS.AccessAsUser.All	03 Dec 2023	To access EXO with iOS devices, this application must be approved. Most common mail client at ETHZ. Used in MacMail and iOS Mail	https://www.apple.com/legal/privacy/...
GNOME Evolution (Gnome)	Corti Matteo (ID)	Signer Paul (ID)	APPROVED	offline_access Calenders & Contacts Mailbox & Mail Tasks EWS.AccessAsUser.All User.Read User.ReadBasic.All	17 Nov 2023 Last update on 30 Oct 2024	Only Linux client with full calendar integration! Linux Mail Client released Evolution requires a lot of permissions. One critical example is “Calendars.ReadWrite,” which potentially allows access to all calendars. Statement from documentation (Microsoft Graph permissions reference): Administrators can configure application access policy to limit app access to specific mailboxes and not to all the mailboxes in the organization, even if the app has been granted the Calendars.ReadWrite application permission. This means that EXO must ensure that Evolution cannot view all calendars! Last update: User.Read & User.ReadBasic.All have been added. These permissions are necessary for shared mailboxes.	https://www.gnome.org/privacy-policy/
Nine for Office 365	Corti Matteo (ID)	Signer Paul (ID)	APPROVED	EWS.AccessAsUser.All	17 Nov 2023		https://www.9folders.com/privacy-policy/
Alpine Mail Client	Corti Matteo (ID)	Signer Paul (ID)	APPROVED	offline_access SMTP.Send IMAP.AccessAsUser.All	14 Dec 2023		This page is wrong formatted. https://alpineapp.email/
Gmail (Google)	Corti Matteo (ID)	Signer Paul (ID)	APPROVED	offline_access EAS.AccessAsUser.All	20 Nov 2023	Common mail client on Android devices	https://policies.google.com/privacy?gl=CH&hl=en
Samsung Email (Samsung)	i.A. Buschor Mark (ID)	Dunkl Apon (ID) Signer Paul (ID)	APPROVED	offline_access openid email profile EWS.AccessAsUser.All Calendars.ReadWrite	13 Mar 2024	Standard mail client on Samsung Android devices. Usage couldn't be identified based on existing Exchange-Logs. There are many requests, but all these people are not yet migrated to cloud	https://account.samsung.com/membership/policy/privacy
Mutt E-Mail Client	Corti Matteo (ID)	Signer Paul (ID)	APPROVED	offline_access SMTP.Send IMAP.AccessAsUser.All POP.AccessAsUser.All	21 Dec 2023	Mutt is a small but very powerful text-based mail client for Unix operating systems	Can't find privacy policy. (Aires: because, it runs locally on the PC)
Provider for Exchange ActiveSync for Office 365	Crespo de la Serna Felix (ID) Simic Dragan (ID)	Dunkl Apon (ID)	APPROVED	EAS.AccessAsUser.All	27 Mar 2024	Is mentioned here: Linux 4 Departments -> Email	No Privacy Policy, but URL to GitHub: https://github.com/jobisoft/EAS-4-TbSync/wiki/About:-Provider-for-Exchange-ActiveSync	2980deeb-7460-4723-864a-f9b0f10cd992
BlueMail (Blix Inc.)	n.a.	Corti Matteo (ID)	BLOCKED	User.Read EAS.AccessAsUser.All Exchange.Manage	20 Nov 2023	Requires manage exchange configuration API right	https://bluemail.me/privacy/
QQMail (Tencent Technology (Shenzhen) Company Ltd.)	n.a.	Corti Matteo (ID)	BLOCKED		20 Nov 2023	Known data kraken from China (TikTok Publisher)	https://play.google.com/store/apps/datasafety?id=com.tencent.androidqqmail&hl=en_US
LGEmail	n.a.	Signer Paul (ID) Dunkl Apon (ID)	BLOCKED	.default	13 Mar 2024	Can't find official Homepage	Can't find privacy policy.	66327e7a-d195-41bd-9628-6a0ee1bc3c06
Spark Mail (Spark Mail Limited)	n.a.	Dunkl Apon (ID)	APPROVED	offline_access openid email profile EWS.AccessAsUser.All Calendars.ReadWrite	18 Mar 2024		https://sparkmailapp.com/legal/privacy-web
Canary Mail (CanaryMail)	Bilgeri Serge	Dunkl Apon (ID)	BLOCKED	EWS.AccessAsUser.All openid offline_access profile	05 Sep 2024	No information about the data location found, therefore not approved. How we transfer information we collect internationally The information we collect is stored on our servers in Germany. Germany has been recognized by the European Commission as offering and an adequate level of data protection such that personal data can flow from the EU to that country without any need for further safeguards. Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. By using our Services, you consent to any transfer and processing in accordance with this policy. Whenever we transfer your information, we take steps to protect it." https://canarymail.io/privacy-policy	https://canarymail.io/privacy.html
DavMail			OPEN	.default			Can't find privacy policy.	facd6cff-a294-4415-b59f-c5b01937d7bd
EmailJS			OPEN	mail.send openid email offline_access			https://www.emailjs.com/legal/privacy-policy/#data-collection https://www.emailjs.com/legal/privacy-policy/#data-subprocessors	76a1856d-bcdd-40a8-b482-c3010de1d2c1
AquaMail			BLOCK	openid email offline_access IMAP.AccessAsUser.All POP.AccessAsUser.All SMTP.Send	22 Jul 2024	Data Location of Personal Information process is in the US:	https://www.aqua-mail.com/privacy-policy/	c40fc214-9304-4d8b-83e7-d29db7798e35
EdisonMail		Carreira e Marques Aires Manuel (ID)	BLOCK	EWS.AccessAsUser.All offline_access profile openid	25 Nov 2024	Data Location of Personal Information process is in the US: z	https://www.edisonmail.com/privacy-commitments	62db40a4-2c7e-4373-a609-eda138798962
OnMail			OPEN	offline_access openid email IMAP.AccessAsUser.All SMTP.Send			https://www.edisonmail.com/privacy	be975a90-8235-4503-afe3-88ccb690750f
FairEmail			OPEN	profile openid email offline_access IMAP.AccessAsUser.All SMTP.Send POP.AccessAsUser.All			https://email.faircode.eu/privacy/	17e57eca-a59b-4574-ac91-b343004898a6
Mail App for Outlook			OPEN	IMAP.AccessAsUser.All SMTP.Send openid profile offline_access			https://intrepidcorp.co.uk/mailappforoutlook//privacypolicy.html	11680cd6-7ad2-44de-bb9f-665024d48a72
Mailspring			BLOCKED	user.read offline_access Contacts.ReadWrite Contacts.ReadWrite.Shared Calendars.ReadWrite Calendars.ReadWrite.Shared IMAP.AccessAsUser.All SMTP.Send	22 Jul 2024	Data Location of Personal Information process is in the US:	https://www.getmailspring.com/privacy-policy	8787a430-6eee-41e1-b914-681d90d35625
Foxmail		Carreira e Marques Aires Manuel (ID)	BLOCKED	offline_access openid email profile IMAP.AccessAsUser.All SMTP.Send POP.AccessAsUser.All EAS.AccessAsUser.All EWS.AccessAsUser.All		Company behind Foxmail is Tencent.	https://www.foxmail.com/win/en/privacy_policy.html https://www.foxmail.com/win/en/privacy_policy.html#infocollect	231575bc-9f6c-4539-9241-5cfae696b630
BusyCal	Bilgeri Serge	Panyasantisuk Jarunan (ID)	APPROVED	EWS.AccessAsUser.All Calendars.ReadWrite Tasks.ReadWrite Tasks.ReadWrite.Shared User.Read People.Read MailboxSettings.Read Calendars.ReadWrite.Shared User.ReadBasic.All openid profile offline_access	29 Aug 2024	Using our software enables you and your organization to meet GDPR regulatory requirements. Any data entered into our apps, including Personally Identifiable Information (PII) or Protected Health Information (PHI), is never transferred, saved, or stored on our servers. All data remains on your device or with the third-party services you choose to sync with (such as iCloud, Google, Microsoft Office etc.) ensuring your information stays under your control at all times.	https://www.busymac.com/privacy.html	885773d6-1859-4189-9b95-b9128fe95ae1
BusyContacts	Hendry Manuel	Panyasantisuk Jarunan (ID)	APPROVED	Contacts.ReadWrite Contacts.ReadWrite.Shared MailboxSettings.Read People.Read User.Read User.ReadBasic.All profile openid offline_access	27 Oct 2025	BusyContacts: Access to your Contacts is required to autofill addresses, names, and numbers as needed. It also uses your "Me Card" to accurately identify you and allow changes to your contact card. Like BusyCal, BusyContacts does not collect or upload your contact details to its servers. Our apps are designed to align with various global privacy and security regulations. While we do not process, store, or transmit user data on our servers, we follow best practices that support compliance with: GDPR (General Data Protection Regulation) – Ensures all data remains on your device or with the third-party services you choose to sync with. HIPAA (Health Insurance Portability and Accountability Act) – Our software does not process Protected Health Information (PHI). If you use our apps in a healthcare setting, you must ensure that your chosen sync service meets HIPAA compliance requirements. CCPA (California Consumer Privacy Act) – We do not collect, sell, or share personal data.	https://www.busymac.com/privacy/	b32508e6-e213-4601-a59e-a62413a700b6
Superhuman			OPEN
Claws Mail	Fink Andreas	Dunkl Apon (ID)	APPROVED	offline_access SMTP.Send IMAP.AccessAsUser.All POP.AccessAsUser.All Mail.ReadWrite Mail.Send User.Read	04 Sep 2024	https://www.claws-mail.org/faq/index.php/Oauth2#Setting_up_OAuth_2.0_for_Microsoft_-_for_Outlook_or_Exchange	https://lists.claws-mail.org/pipermail/users/2024-September/033312.html
MailMate	Albers Alexander	Dunkl Apon (ID)	APPROVED	IMAP.AccessAsUser.All SMTP.Send offline_access	21 Oct 2024	1 user requested so far 2024-10-31 - Aires - Privacy policy is ok OTRS Ticket	https://freron.com/privacy_policy/	2316c52f-c664-4efb-93c2-830b1ba5f128
TypeApp	Sommer Georg Professor Andreas Hierlemann	Carreira e Marques Aires Manuel (ID)	BLOCKED		21 Oct 2024	https://typeapp.com	https://typeapp.com/privacy/
SailfishOS Mail		Panyasantisuk Jarunan (ID)	APPROVED	offline_access openid email EAD.AccessAsUser.All	10 Oct 2024
Full Fabric	Kramer Evelina	Dunkl Apon (ID)	APPROVED	IMAP.AccessAsUser.All offline_access	21 Oct 2024	Approved by CISO	https://www.fullfabric.com/privacy-policy
Calendly		Panyasantisuk Jarunan (ID)	APPROVED	openid email profile offline_access User.Read Calendars.ReadWrite Calendars.ReadWrite.Shared	28 Oct 2024	07 Jan 2025 The data would be stored in the US. https://calendly.com/legal/privacy-notice. Clarifying with CISO
Morgen.so		Carreira e Marques Aires Manuel (ID)	APPROVED			Sync all calendars
Any.do	Lauener Adrian (ID)	Panyasantisuk Jarunan (ID)	BLOCKED			Data location in Israel	https://www.any.do/legal/privacy-policy
Calendar Bridge		Panyasantisuk Jarunan (ID)	BLOCKED			Data location in the US
Huawei Email App	kevin.riehl@ivt.baug.ethz.ch	Carreira e Marques Aires Manuel (ID)	BLOCKED		14 Nov 2024	Data location in China
WeekCal		Panyasantisuk Jarunan (ID)	REJECTED It could be reviewed again as the cloud app provider us SCCs.		05 Dec 2024	Data maybe transferred outside of Europe. 28 Mar 2025 Updated: Using SCCs VII. International Transfer We may transfer your Personal Information outside the European Union/European Economic Area. Whenever we transfer your Personal Information out of the EU/EEA, we ensure an adequate level of protection is afforded to it by ensuring, where required by law, at least one of the following safeguards is implemented: Transferring Personal Information to countries that have been deemed to provide an adequate level of protection for Personal Information by the EU Commission, or Using standard contractual clauses approved by the EU Commission which give Personal Information the same protection it has in Europe.	https://maplemedia.io/privacy/
Postbox	Daniel von Allmen	Dunkl Apon (ID)	APPROVED	Delegated Permissions: IMAP.AccessAsUser.All POP.AccessAsUser.All SMTP.Send offline_access	11 Mar 2025	Postbox fka "em Client"	https://www.postbox-inc.com/legal/privacy	3f22d358-8176-496b-9559-8c8e1101fbca
Em Client		Carreira e Marques Aires Manuel (ID)	APPROVED		30 Jan 2025		https://www.emclient.com/privacy-policy
Kontact		Carreira e Marques Aires Manuel (ID)	APPROVED		21 Feb 2025	The privacy policy states that sensitive information such as user names, passwords, and personal information (including events, contacts, emails, etc.) obtained from remote services is stored locally on the user's computer.
Mailbird		Dunkl Apon (ID)	REJECTED		27 Nov 2024	13. INTERNATIONAL DATA TRANSFER Your information, including personal data that we collect from you, may be transferred to, stored at and processed by us and our affiliates and other third parties outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Services, you agree to this transfer, storing or processing.] We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. 21. EU-U.S. PRIVACY SHIELD Mailbird Inc. commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to personal data transferred from the EU. Please contact us to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, binding arbitration before a Privacy Shield Panel will also be made available to you in order to address residual complaints not resolved by any other means. Mailbird Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.	https://www.getmailbird.com/privacy-policy/

Guides