Case: MS Outlook plugin for SaaS/CRM

By | August 14, 2014

We continue set of articles about interesting technology areas and solutions we have implemented or encountered in our projects.
This article briefly describes our experience in development of MS Outlook plugin for custom SaaS (CRM-like solution).

Our solution

Our goal was to develop a plugin for MS Outlook that will allow to manage custom object structures from existing SaaS solution. Requirements included necessity of strong secure approach with possibility of connection and storage encryption, as well as manipulation of linked objects like emails, notes, events and todo items, contacts, document files, custom forms, objects creation directly from Outlook, and many other functions.

We’ve developed add-in with single code base that works in MS Outlook 2007/2010/2013. It synchronizes dedicated PST storage with database over HTTPS/Web-Services and able to handle 100k+ items.

Interesting Challenges

Following challenges were completed in scope of the project:

  1. UI integration:
    • custom explorer (embedded in main window) and inspector (pop-up) views for folders and items,
    • custom context menus,
    • customization of ribbons,
    • custom columns in native Outlook grids.

  3. Event integration:
    • intercept and process incoming and outgoing email messages,
    • handle drag-and-drop of emails and files into certain folders,
    • tracking of email threads,
    • intercept opening of documents.

  5. Own PST store:
    • custom store structure (visible in native Outlook navigation tree),
    • lock down tree structure to disable unwanted user changes (renaming and moving of folders).

  7. Deployment:
    • avoid restrictions imposed by PSTDisableGrow policy,
    • per-user and per-machine installation,
    • GPO installation for multiple users.

  9. Miscellaneous:
    • integration with browser for single sign-on (WS Federation),
    • connect to server directly or via proxy,
    • work offline,
    • obfuscation of source code,
    • integrate with Windows API to store encrypted credentials securely.

  11. Proof of concept:
    • encryption of PST on the fly, so stolen file cannot be read,
    • Transport and Store MAPI provider implementation for tight integration with Outlook.


PST store – In computing, a Personal Storage Table (.pst) is an open proprietary file format used to store copies of messages, calendar events, and other items within Microsoft software such as Microsoft Exchange Client, Windows Messaging, and Microsoft Outlook. The open format is controlled by Microsoft who provide free specifications and free irrevocable technology licensing.

Group Policy is a feature of the Microsoft Windows NT family of operating systems that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment.

MAPI (Messaging Application Program Interface) is a Microsoft Windows program interface that enables you to send e-mail from within a Windows application and attach the document you are working on to the e-mail note.

WS-Federation is an Identity Federation specification, developed by The Dot Net Factory, BEA Systems, BMC Software, CA Inc., IBM, Layer 7 Technologies, Microsoft, Novell, Ping Identity, and VeriSign. Part of the larger Web Services Security framework, WS-Federation defines mechanisms for allowing disparate security realms to broker information on identities, identity attributes and authentication.

Links we find useful

Don’t hesitate to contact us for consultation!

Leave a Reply

Your email address will not be published. Required fields are marked *