Restricting External Storage in Outlook [CHK-1060]
This check determines if users are allowed to open files from external storage services such as Dropbox, Box, Google Drive, OneDrive Personal, etc., in Outlook.
Rationale
Allowing connections with external storage services can lead to corporate information leaks and potential malware infections from untrusted storage. Blocking this connection reduces these risks.
Fix
An automated fix is available through Attic.
Manual steps:
- Connect to Exchange Online using
Connect-ExchangeOnline. - Run the following command to disable the ability for users to connect to 3rd party cloud storage from Outlook for all policies:
Get-OwaMailboxPolicy | ForEach-Object {
Set-OwaMailboxPolicy -Identity $_.Identity -AdditionalStorageProvidersAvailable $false
}
- Verify the setting with this command:
Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
Impact
The impact of this change depends on the usage in your organization. If users frequently use external storage services, their workflows will be affected.