By default, users can add additional storage providers in Outlook on the web, such as Box, Dropbox, Google Drive, and OneDrive Personal. While this is a nice feature, it increases the risk of data breaches. It’s advisable to disable it in your organization. In this article, you will learn how to restrict access to storage accounts in Outlook on the web.
Introduction
By default, additional storage providers are allowed in Outlook on the web, such as Box, Dropbox, Facebook, Google Drive, OneDrive Personal. This could lead to information leakage and additional risk of infection from organizational non-trusted storage providers. Restricting this will reduce risk as it will narrow opportunities for infection and data leakage.
Additionally, third-party services may not comply with the same security standards as the organization, making it difficult to maintain data privacy and security.
Storage accounts in Outlook on the web
To check the storage accounts providers in Outlook on the web as a user, follow these steps:
- Sign in to Outlook on the web
- Click on Settings
- Select Mail > Attachments
- Verify the storage accounts availability
This is what it looks like for the user when the storage accounts providers are turned on in Outlook on the web.
Disable additional storage providers in Outlook on the web
To disable additional storage providers in Outlook on the web, follow the steps below:
Step 1. Connect to Exchange Online PowerShell
Run PowerShell as administrator and Connect to Exchange Online PowerShell.
Connect-ExchangeOnlineStep 2. Get additional storage providers available status
Run the Get-OwaMailboxPolicy cmdlet and include the the AdditionalStorageProvidersAvailable property.
Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailableThe output shows that the setting is enabled.
Name AdditionalStorageProvidersAvailable
---- -----------------------------------
OwaMailboxPolicy-Default TrueNote: This AdditionalStorageProvidersAvailable setting is enabled by default.
Step 3. Disable additional storage providers available
Disable the additional storage providers setting.
Get-OwaMailboxPolicy "OwaMailboxPolicy-Default" | Set-OWAMailboxPolicy -AdditionalStorageProvidersAvailable $falseNote: This change may take between 1 and 24 hours to apply to all users. So give it some time before you want to verify.
Step 4. Verify additional storage providers available status
Run the Get-OwaMailboxPolicy cmdlet and include the the AdditionalStorageProvidersAvailable property.
Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailableVerify that the output shows the setting as disabled.
Name AdditionalStorageProvidersAvailable
---- -----------------------------------
OwaMailboxPolicy-Default FalseSigning in as a user on Outlook on the web, and check the storage accounts setting. Verify that only the primary account is available and all the additional storage providers do not appear.
That’s it!
Read more: How to Restrict access to Microsoft Entra admin center »
Conclusion
You learned how to restrict access to storage accounts in Outlook on the web. First, connect to Exchange Online PowerShell. Next, run the command to disable access to storage accounts in the mailbox policy. If you have more than one mailbox policy, disable it on all of them. As of last, verify your work.
Did you enjoy this article? You may also like How to Generate Secure Random Passwords in PowerShell. Don’t forget to follow us and share this article.