Storage - Ensure External Storage Providers Available In Outlook On The Web Are Restricted

 








Summary

Storage providers that are integrated with Outlook on the web should be restricted.

Reason

By default. additional storage providers are allowed in Outlook on the Web (such as Box, Dropbox, Facebook, Google Drive, OneDrive Personal, etc.). This may lead to information leakage and additional risk of infection from organizational non-trusted storage providers. By restricting this will inherently reduce risk as it will narrow-down the opportunities for infection and data leakage.

What If?

Affect of this setting mainly depends upon current practices in the tenant. If the other storage providers are not in use, then the impact will be minimal, but, if it is done regularly, then, it will affect their ability to continue to do so.

How to?

To disable external storage providers, use the Exchange Online PowerShell Module:
  1. Connect to Exchange Online using Connect-ExchangeOnline.
  2. Run the following PowerShell command:

Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default - AdditionalStorageProvidersAvailable $false

      3. Now, run the following PowerShell command to verify that the value is now False:

Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable

Monitor:

To verify external storage providers are disableduse the Exchange Online PowerShell Module:
  1. Connect to Exchange Online using Connect-ExchangeOnline.
  2. Run the following PowerShell command:

Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable

      3. Now, verify that the value returned is False.











































Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)