How to Restrict Access to Storage Accounts in Outlook on the web

By default, users can add additional storage providers in Outlook on the web, such as Box, Dropbox, Google Drive, and OneDrive Personal. While this is a nice feature, it increases the risk of data breaches. It’s advisable to disable it in your organization. In this article, you will learn how to restrict access to storage accounts in Outlook on the web.

Introduction

By default, additional storage providers are allowed in Outlook on the web, such as Box, Dropbox, Facebook, Google Drive, OneDrive Personal. This could lead to information leakage and additional risk of infection from organizational non-trusted storage providers. Restricting this will reduce risk as it will narrow opportunities for infection and data leakage.

Additionally, third-party services may not comply with the same security standards as the organization, making it difficult to maintain data privacy and security.

Storage accounts in Outlook on the web

To check the storage accounts providers in Outlook on the web as a user, follow these steps:

1. Sign in to Outlook on the web
2. Click on Settings
3. Select Mail > Attachments
4. Verify the storage accounts availability

This is what it looks like for the user when the storage accounts providers are turned on in Outlook on the web.

Disable additional storage providers in Outlook on the web

To disable additional storage providers in Outlook on the web, follow the steps below:

Step 1. Connect to Exchange Online PowerShell

Run PowerShell as administrator and Connect to Exchange Online PowerShell.

Connect-ExchangeOnline

Step 2. Get additional storage providers available status

Run the Get-OwaMailboxPolicy cmdlet and include the the AdditionalStorageProvidersAvailable property.

Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable

The output shows that the setting is enabled.

Name                     AdditionalStorageProvidersAvailable
----                     -----------------------------------
OwaMailboxPolicy-Default                                True

Step 3. Disable additional storage providers available

Disable the additional storage providers setting.

Get-OwaMailboxPolicy "OwaMailboxPolicy-Default" | Set-OWAMailboxPolicy -AdditionalStorageProvidersAvailable $false

Step 4. Verify additional storage providers available status

Run the Get-OwaMailboxPolicy cmdlet and include the the AdditionalStorageProvidersAvailable property.

Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable

Verify that the output shows the setting as disabled.

Name                     AdditionalStorageProvidersAvailable
----                     -----------------------------------
OwaMailboxPolicy-Default                               False

Signing in as a user on Outlook on the web, and check the storage accounts setting. Verify that only the primary account is available and all the additional storage providers do not appear.

That’s it!

Read more: How to Restrict access to Microsoft Entra admin center »

Conclusion

You learned how to restrict access to storage accounts in Outlook on the web. First, connect to Exchange Online PowerShell. Next, run the command to disable access to storage accounts in the mailbox policy. If you have more than one mailbox policy, disable it on all of them. As of last, verify your work.

Did you enjoy this article? You may also like How to Generate Secure Random Passwords in PowerShell. Don’t forget to follow us and share this article.