SECURITY Loophole - ZohoCRM Outlook Plugin - Contacts Syncs
There are 2 ways to sync contacts with ZohoCRM, which we use:
Writer
Get Started. Write Away!
1. Office365 integration and
2. Outlook Plugin for Zoho CRM
Outlook Plugin offers many additional features for Outlook users (which Office365 integration doesn't) and therefore is very much needed.
THE PROBLEM IS WITH THE CONTACTS SYNC OPTION. INFACT A MAJOR SECURITY LOOPHOLE.
WITH Outlook Plugin, the end user has the option to sync ALL CONTACTS that he has access to and NOT just the ones owned by him. And there is NO WAY for the admin to disable this option or to limit the users to sync just their owned contacts.
This is a major issue for obvious reasons. For many business/ in many industries your contacts are everything and guard them like a prized possession (e.g. Recruitment, Traders etc.) And ZohoCRM outlook plugin puts all your contacts at RISK by allowing a user to get a copy of all CRM contacts in their Outlook. Thus making it easier for users to export out from their Outlook and walk away.
WITH Office365 integration, when you enable contact sync it ONLY syncs contacts owned by the user, not all contacts the user may have access to. So there are no issues with this.
Tried explaining this to the CRM support them and they ARE UNWILLING TO ACCEPT this as a problem and for them this is a "feature request". They in-fact suggested to make contacts as private, which again is a flawed approach and doesn't work. Here's why:
User A and User B are working together on a potential and each user can only see the contact record they own. Because the contact module is private there may be 2 copies of the same contact sync'ed up from both users Outlook Plugins.
Lets say the contact is John Smith.
When User A creates a potential, he associates that with John Smith (a contact record he owns), while User B doesn't have access to John Smith, because the contacts module is private.
The problem is that in absence of User A, the User B is not even able to create a potential because he doesn't have access to the contact John Smith. And because the email field in contact is set to not allow duplicates (which is important for sanity and to avoid multiple duplicates), the User B cannot even create a new contact record for John Smith.
Apart from that, setting contact module as private creates multiple duplicates - which is another issue.
And using data-sharing-rules together with contact module set as "Private", will again bring us back to the core issues, which allows ensure to sync ALL Contacts he has access to, which is a risk.
Immediate/Temporary Fix:
Provide a version of Outlook plugin where the Sync All Contacts is either removed or greyed out. This should not require more than a few minutes of the plugin developers time because he just needs to comment it out / remove it from the GUI.
This could be provided on request to customers who specifically ask for it, as opposed to making it generally available which may need more planning or will take longer.
Permanent Fix:
Remove that option completely OR give admins some setting / permission in Profiles to manipulate this.
This issue was logged with the support team under Ticket ID: 16977368
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Gaurav Sethi
Hamed A
Dilip
Michelle
Sticky Posts
Introducing the Eventbrite extension for Zoho CRM
Hello Zoho CRM community, Are you struggling to keep your event registrations and attendance data organized across multiple platforms? Managing this information manually can be a frustrating and time-consuming task, and mistakes can easily occur, makingIntroducing the Egnyte extension for Zoho CRM
Hello Zoho CRM Community, How often do you find yourself switching between platforms just to find and share the right document? Is your team dealing with a lot of documents, making customer-related file management a constant hassle that slows down yourStreamline your sales process with the Kanban Board extension for Zoho CRM
Hello Zoho CRM Community, Are you looking for a streamlined way to manage your sales pipeline and enhance team collaboration? Introducing the Kanban Board for Zoho CRM extension! This powerful tool helps you visualize and manage your sales pipeline, tasks,Enhance Your Marketing Strategy: Unlock Zoho CRM and Mailchimp's Full Marketing Potential with Mailchimp for Zoho CRM Extension
Hello Zoho CRM enthusiasts, Effective customer relationship management (CRM) and email marketing are essential to any successful marketing strategy. However, handling these components independently can be a time-consuming and ineffective process. ThisUnlocking the power of feedback surveys for business growth with the Qualtrics for Zoho CRM extension
Dear Users, In today's dynamic and customer-centric market, feedback surveys are an essential tool for businesses and organizations seeking to understand, adapt, and succeed. They allow organizations to understand customer needs, identify potential areas
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Introducing Profile Summary: Faster Candidate Insights with Zia
We’re excited to launch Profile Summary, a powerful new feature in Zoho Recruit that transforms how you review candidate profiles. What used to take minutes of resume scanning can now be assessed in seconds—thanks to Zia. A Quick Example Say you’re hiring[New Release 2024] Create and embed custom capabilities across CRM with Kiosk Studio, our latest no-code tool
[Update | New series] We've started publishing a series of posts on Kiosk Studio. It's called Kiosk Studio Sessions and you can check out the first one here! [Update | 15 Oct} Session #2 is live! This one will look at how to create a kiosk for your callRevenue Management: #10 Common Mistakes while Recognizing Revenue
We are at the end of the series on Revenue Management, covering how different businesses recognise revenue. Even with clear standards like ASC 606 and IFRS 15 in practice, businesses often struggle with the nuances of revenue recognition. Especially growingZoho Projects MCP Feedback
I've started using the MCP connector with Zoho Projects, and the features that exist really do work quite well - I feel this is going to be a major update to the Zoho Ecosystem. In projects a major missing feature is the ability to manage, (especiallyWindows Desktop App - request to add minimization/startup options
Support Team, Can you submit the following request to your development team? Here is what would be optimal in my opinion from UX perspective: 1) In the "Application Menu", add a menu item to Exit the app, as well as an alt-key shortcut for these menusintegarting attachments from crm to creator
when i tried to integrate pdf attachments from crm to creator via deluge i am getting this error {"code":2945,"description":"UPLOAD_RULE_NOT_CONFIGURED"} the code i used is attachments = zoho.crm.getRelatedRecords("Attachments","Sales_Orders",203489100020279XXX8);Product details removed during update from other system
We maintain our product details in an other system. These details are synchronized with Zoho at the end of each day, through an API. This has worked perfectly sofar. But last Monday, all product codes and some other product data have been wiped duringSearch Option
🚫 Current Limitation: As of now (September 2025), Zoho FSM lacks a global search functionality, which makes it difficult to quickly: Find specific Work Orders by number or keyword Search for customer records or contact info Locate assets, jobs, or serviceMobile Chat Window - Full Screen
Hello, The mobile chat window takes up the full screen, which is highly confusing for most customers! Using a desktop machine, I see the same happens when reducing the browser width to 800px or below. This suggests that it responsive web design, causing the switch to full screen. Can we fix this very annoying behaviour ourselves using a custom css file? If so, can you please let me know how? ThanksIs it possible to customize ZC Themes?
I understand you can choose a layout and customize Brand Color, App Header, Menu, and Sub-Menu components, but can you override some of the default theme settings with CSS or a config file? For example, - Table highlight color - Listview auto filter highlightIs it possible to create Custom function-based Lookup field in Zoho CRM
Is it possible to create a custom function-based lookup field in Zoho CRM? If so, how? Use case: Need to fetch users from Zoho Projects into a dropdown field in Zoho CRM.@mention in comments no notification
Hi, hope someone can help. When we @mention someone in the comments in Zoho Creator, how is that user notifed as we don't get anything on email or in the app notifications.Add "Running Balance" column to Account Transaction Reports
Hello, Currently Zoho Account Transaction Reports give you the opening balance, then lists the transactions, then provides the closing balance. It would be great if you could add a column on the far right that shows the "Running Balance" on the account after each transaction. There are many times when analyzing or tie-ing out transactions that this would be very helpful. I currently have to frequently run a tape on my adding machine to get balance totals after a specific transaction on the list.Unified customer portal login
As I'm a Zoho One subscriber I can provide my customers with portal access to many of the Zoho apps. However, the customer must have a separate login for each app, which may be difficult for them to manage and frustrating as all they understand is thatWhatsApp Channels in Zoho Campaigns
Now that Meta has opened WhatsApp Channels globally, will you add it to Zoho Campaigns? It's another top channel for marketing communications as email and SMS. Thanks.error : Object code : 6500
b3 = map(); b3.put("name", "Test Project Name"); updateprojects2 = invokeurl [ url :"https://projectsapi.zoho.eu/restapi/portal/era0130/projects/169495000000928007/" type :PUT parameters: b3 connection:"in2" ]; info b3 ; info updateprojects2; ------------I got unknown charge from Zoho
Good day, I need help disputing a charge I don't know from, zoho. I have ZohoMail and ZeptoMail. I purchase credits for ZeptoMail, and for ZohoMail I am not subcribed.How can I see content of system generated mails from zBooks?
System generated mails for offers or invices appear in the mail tab of the designated customer. How can I view the content? It also doesn't appear in zMail sent folder.Zadarma + Zoho CRM Integration – Missed Calls Saved as Contacts Instead of Leads
Hello everyone, I’m looking for input from anyone with experience using the Zadarma + Zoho CRM integration. Currently, I’m seeing that missed calls are automatically being created as Contacts instead of Leads. From a CRM perspective, this doesn’t makeFunction 56: Automatically enable the option for customers to pay via bank account
Hello everyone and welcome back to our series! One of the key features of Zoho Books is its integration with multiple payment gateways, allowing you to receive online payments for your invoices. This ensures faster payments, automates payment trackingAttach Files to Your Notecards and share them on the go!
Hey everyone! We’re excited to share a feature many of you have been asking for — you can now attach files directly to your text notecards and share with ease! 🙌 This update was built with your feedback in mind, especially for those who wanted a simpleCan i connect 2 instagram accounts to 1 brand?
Can i connect 2 instagram accounts to 1 brand? Or Do i need to create 2 brands for that? also under what subscription package will this apply?Workdrive on Android - Gallery Photo Backups
Hello, Is there any way of backing up the photos on my android phone directly to a specific folder on Workdrive? Assuming i have the workdrive app installed on the phone in question. EmmaIntegración Books para cumplir la ley Crea y Crece y Ley Antifraude (VeriFactu)
Hola: En principio, en julio de 2025, entra en vigor la ley Crea y Crece y Ley Antifraude (VeriFactu). ¿Sabéis si Zoho va a cumplir con la ley para cumplir con la facturación electrónica conectada a Hacienda? GraciasYouTube Live #1: AI-powered agreement management with Zia and Zoho Sign
Hi there! We're excited to announce Zoho Sign’s first YouTube live series, where you can catch the latest updates and interact with our Zoho Sign experts, pose questions, and discover lesser-known features. We're starting off by riding the AI wave inHow to add a % Growth column for year-over-year comparison (2024 vs 2025)
Hello, I am trying to build a monthly revenue comparison between 2024 and 2025 in Zoho CRM Analytics. My current setup is: Module: Deals (Affaires) Filter: Stage = Closed Won Date field: Closing Date Grouping: By Month Metrics: Sum of Amount for 2024,How to searchByCriteria records that are under approval?
I need to search for both approved and pending approval records Is that possible with this method? Or I need to a different method? var priceReqID = $Page.record_id; log(priceReqID); var records = ZDK.Apps.CRM.Price_List_Item.searchByCriteria("Price_Request:equals:"Power of Automation::Streamline log hours to work hours upon task completion.
Hello Everyone, A Custom Function is a user-written set of code to achieve a specific requirement. Set the required conditions needed as to when to trigger using the Workflow rules (be it Tasks / Project) and associate the custom function to it. Requirement:-How to add Simple Analytics to Zoho Pages?
I have a website with Zoho Pages, how do I add Simple Analytics on it? They seem to have code they need to be embedded https://docs.simpleanalytics.com/scriptEnd Date in Zoho Bookings
When I give my appointments a 30 minutes time I would expect the software not to even show the End Time. But it actually makes the user pick an End Time. Did I just miss a setting?Cant seem to delete an email account
Hello, I have researching for 4 days how to delete an email account and I am absolutely without a clue. The email account I am trying to delete is support<AT>fyshoes<dot>com. It's the first email account I made and it (is???) was associated with the super user (me). I have since changed it to adming<AT>fychoes<dot>com and I see the support email in my list but I just cant seem to get rid of it. Ultimately I want to associate that email account with another user that I want to add. This is reallyCommerce Order as Invoice instead of Sales Order?
I need a purchase made on my Commerce Site to result in an Invoice for services instead of a Sales Order that will be pushed to Books. My customers don't pay until I after I add some details to their transaction. Can I change the settings to make thisImport data into Multi-Select lookup field from CSV/Excel
How to import data into a multi-select lookup field from the CSV/Excel Sheet? Let's say I have an Accounts multi-select lookup field in the Deals module and I want to import the Deals with Accounts field. Steps:- 1. Create/edit a multi-select lookup fieldSync desktop folders instantly with WorkDrive TrueSync (Beta)
Keeping your important files backed up and accessible has never been easier! With WorkDrive desktop app (TrueSync), you can now automatically sync specific desktop folders to WorkDrive Web, ensuring seamless, real-time updates across devices. Important:Script that deletes a record?
We're using WP Plugin "Integration for WooCommerce and Zoho Pro", and have created a couple of Feeds to send data to Zoho. We are trying to create Contact records, but only based upon condition. Tried to make it with small Deluge function and Workflow,A formula that capitalises the first letter of each word
Hi all, is there a zoho formula that can capitalise the first letter of each word in a string? INITCAP only capitalises the first letter of the first word.Reverse payment on accidentally closed invoice.
An invoice was closed accidentally with the full payment added. However, only partial payment was paid. How can I reopen the invoice and reverse this to update it to show partial payment?Quotes in Commerce?
In Zoho Ecommerce, I need to be able to generate quotes, negotiate with customers, and then generate invoices. Currently, I plan to integrate Zoho CRM to generate quotes. After negotiation and confirmation, I will push the details to Zoho Ecommerce toZoho Commerce - Mobile Application
Does Zoho Commerce have a mobile application for customers to place an order?Register user through Phone Number by Generating OTP
In zoho commerce , I am developing website on online food store Inilialy the user get verification code to their email for registering there account for login. But I need to login using phone number by generating OTP automatically rather than verificationNext Page