Ensure 'User owned apps and services' is restricted
Why This Matters
Allowing users to install add-ins in Microsoft Word, Excel, and PowerPoint opens a vector for attackers to deploy malicious software that can access sensitive data within these applications. Vulnerable and custom-built add-ins are commonly used in data theft campaigns. By restricting user-owned app installations, you reduce your threat surface and mitigate the risk of unauthorized data access through compromised add-ins.
What Aether365 Checks
Aether365 verifies that the "User owned apps and services" setting in the Microsoft 365 admin center is configured to prevent users from accessing the Office Store and starting 365 trials. This check appears in your Aether365 dashboard under the Microsoft Entra ID section.
How to Fix
To restrict user-owned apps and services: