SECURITY Loophole - ZohoCRM Outlook Plugin - Contacts Syncs

There are 2 ways to sync contacts with ZohoCRM, both of which we use:

1. Office365 integration and
2. Outlook Plugin for Zoho CRM

The Outlook Plugin offers many additional features for Outlook users (which the Office365 integration doesn't) and is therefore very much needed.

THE PROBLEM IS WITH THE CONTACTS SYNC OPTION. IN FACT, IT IS A MAJOR SECURITY LOOPHOLE.

WITH the Outlook Plugin, the end user has the option to sync ALL CONTACTS that he has access to, and NOT just the ones owned by him. And there is NO WAY for the admin to disable this option or to limit users to syncing just the contacts they own.

This is a major issue for obvious reasons. For many businesses / in many industries (e.g. Recruitment, Traders, etc.) your contacts are everything, and you guard them like a prized possession. And the ZohoCRM Outlook plugin puts all your contacts at RISK by allowing a user to get a copy of all CRM contacts in their Outlook, making it easier for users to export them from Outlook and walk away.

WITH the Office365 integration, when you enable contact sync it ONLY syncs contacts owned by the user, not all contacts the user may have access to. So there are no issues with this.

I tried explaining this to the CRM support team, and they ARE UNWILLING TO ACCEPT this as a problem; for them this is a "feature request". They in fact suggested making the Contacts module private, which again is a flawed approach and doesn't work. Here's why:

User A and User B are working together on a potential, and each user can only see the contact records they own. Because the Contacts module is private, there may be 2 copies of the same contact synced up from both users' Outlook Plugins.

Let's say the contact is John Smith.

When User A creates a potential, he associates it with John Smith (a contact record he owns), while User B doesn't have access to John Smith because the Contacts module is private.

The problem is that in the absence of User A, User B is not even able to create a potential because he doesn't have access to the contact John Smith. And because the email field in Contacts is set to not allow duplicates (which is important for sanity and to avoid multiple duplicates), User B cannot even create a new contact record for John Smith.

Apart from that, setting the Contacts module as private creates multiple duplicates, which is another issue.

And using data-sharing rules together with the Contacts module set to "Private" will again bring us back to the core issue: it allows the end user to sync ALL Contacts he has access to, which is a risk.

Immediate/Temporary Fix:
Provide a version of the Outlook plugin where the Sync All Contacts option is either removed or greyed out. This should not require more than a few minutes of the plugin developer's time, because he just needs to comment it out / remove it from the GUI.
This could be provided on request to customers who specifically ask for it, as opposed to making it generally available, which may need more planning or take longer.

Permanent Fix:
Remove that option completely OR give admins a setting / permission in Profiles to control this.

This issue was logged with the support team under Ticket ID: 16977368