"Attacks are unlikely but should serve as a warning for those using third-party apps to access corporate credentials."
Third-party apps as opposed to the 'official' Microsoft Outlook for Android app which is actually just a third party app Microsoft bought and rebranded, which in its original incarnation used AWS to store your credentials and a certain amount of your mail. It still does that now, although it uses Microsoft's own cloud services now I believe, it's still holding your data on servers outside of your control and outside of your country potential violating data protection laws depending on where you are based.