Preventing Installation of Outlook Add-ins [CHK-1064]
Users can install add-ins in Microsoft Outlook, and these add-ins can access all data in the application.
Rationale
Attackers can exploit vulnerable or custom-made add-ins to gain access to user data. Regulating the ability to install add-ins limits this attack surface.
Fix
An automated fix is not available. To fix it yourself:
- Go to the Exchange Admin Center at https://admin.exchange.microsoft.com
- Expand 'Roles'
- Select 'User roles'
- Double-click on 'Default Role Assignment Policy' to open it
- Click on 'Manage Permissions'
- Turn the following options OFF:
  - My Custom Apps
  - My Marketplace Apps
  - My ReadWriteMailboxApps
- Click on 'Save'
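The same setting can be audited and changed from Exchange Online PowerShell. This is an added example, not part of the original check; it assumes the ExchangeOnlineManagement module and that the three options above correspond to the management roles named 'My Custom Apps', 'My Marketplace Apps' and 'My ReadWriteMailbox Apps'. It goes beyond the steps above by auditing every role assignment policy rather than only the default one, and removal stays a dry run until $apply is set to $true.

```powershell
# Added example: audit (and optionally remove) the add-in roles granted by
# role assignment policies. Requires an Exchange administrator session.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Assumption: role names as stored in Exchange for the three portal options.
$addinRoles = 'My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps'

# Audit every policy: mailboxes may be assigned a policy other than the default.
$findings = foreach ($policy in Get-RoleAssignmentPolicy) {
    $granted = @($policy.AssignedRoles | Where-Object { $addinRoles -contains "$_" })
    [pscustomobject]@{
        Policy     = $policy.Name
        IsDefault  = $policy.IsDefault
        AddinRoles = $granted -join ', '
        Compliant  = ($granted.Count -eq 0)
    }
}
$findings | Format-Table -AutoSize

# Remediation is a dry run (-WhatIf) unless $apply is set to $true.
$apply = $false
foreach ($finding in ($findings | Where-Object { -not $_.Compliant })) {
    Get-ManagementRoleAssignment -RoleAssignee $finding.Policy |
        Where-Object { $addinRoles -contains "$($_.Role)" } |
        Remove-ManagementRoleAssignment -WhatIf:(-not $apply) -Confirm:$false
}
```

Re-run the audit section after applying; every policy should report Compliant as True.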
Impact
Users will no longer be able to install third-party add-ins they wish to use. Administrators will start receiving requests to allow necessary third-party add-ins.
More Information
For more information, visit the following links: