This won’t break anything… oh, except that
They also published a blog post recommending one of their several workarounds as the best one to implement. They called it “our least intrusive workaround”, with the reasoning that, based on their testing, “not very many websites” use the functionality they suggested disabling.
One would have thought that during their testing they would take the time to check their own web products, because when we disabled the functionality they suggested across our site yesterday, everyone’s Microsoft Outlook webmail stopped working. As did the Outlook Express client.
Now, I appreciate this was something of a rush job, but perhaps Microsoft should ensure that someone in their security department actually starts using their flagship corporate webmail system, so that they will notice when they break it?
Also, note to self: stop being a moron and taking Microsoft’s word on these things.