General
This setting by default allows users to open files from external storage services in Outlook. This includes services such as Dropbox, Box, Facebook, Google Drive, OneDrive Personal, etc.
Rationale
The connection with external storage services can lead to corporate information leaks and malware infection from untrusted storage. By blocking this connection, the risk will decrease as the chances of infection and data leaks are reduced.
Attic Fix
A fix is available for this check! It will be offered through a ticket in Attic, which you can then accept.
Manual Instruction
Follow these steps to adjust the setting using PowerShell:
- Connect to Exchange Online via Connect-ExchangeOnline
- Execute the following PowerShell command:
-
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
-
- Execute the following PowerShell command to double-check the setting
-
Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
-
Impact
The impact of the change is highly dependent on the normal usage in your organization. If users regularly use external storage services, it will affect their workflows.
CIS Mapping
- CIS Item: 6.5 (L2) Ensure additional storage providers are restricted in Outlook on the web (Automated)
- Profile: E3 Level 2
Comments
0 comments
Please sign in to leave a comment.