Application Permissions - Ensure Users Installing Word, Excel, and PowerPoint Add-ins is Not Allowed

 







Summary

Users can install add-ins in their Microsoft Word, Excel, and PowerPoint applications by default, which allows data access within the application.

Users should not be permitted to install add-ins in Word, Excel, or PowerPoint.

Reason

Generally, attackers use vulnerable and custom-built add-ins to access data in user applications. 

Although permitting users to install add-ins by themselves helps them in acquiring useful add-ins (that can integrate with Microsoft applications) easily, it can also pose risk if not used and monitored carefully.

Future user's ability to install add-ins in Microsoft Word, Excel, or PowerPoint should be disabled as it helps in reducing the threat surface and mitigate risks.

What If?

This change can impact both end users and administrators. End users will not be able to install add-ins that they may want to install.

How to?

To prohibit users from installing Word, Excel, and PowerPoint add-ins, use the Microsoft 365 Admin Center:
  1. Select Settings from the navigation pane.
  2. Select Org Settings from the navigation pane.
  3. Under Services select User owned apps and services.
  4. Now, de-select Let users access the Office Store and Let users start trials on behalf  of your organization.
  5. Click Save.

Monitor:

To verify that users installing Word, Excel, and PowerPoint add-ins are not allowed, use the Microsoft 365 Admin Center:
  1. Select Settings from the navigation pane.
  2. Select Org Settings from the navigation pane.
  3. Under Services select User owned apps and services.
  4. Verify Let users access the Office Store and Let users start trials on behalf  of your organization are Not Checked.






































































Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Design Planning (Part 3)