Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web'

Why This Matters

When third party storage services are allowed within Microsoft 365 on the web, users can save files to external providers like Box, Dropbox, or Google Drive directly from Office apps. This bypasses your organization's data loss prevention policies and exposes corporate data to untrusted environments. Restricting these integrations reduces the risk of data exfiltration and maintains compliance with security frameworks like CIS.

What Aether365 Checks

This Aether365 check verifies that the "Allow third party storage services" setting is disabled in the Microsoft 365 on the web (formerly Office Online) policy. It appears in your Aether365 dashboard under the microsoft-365 service checks and reports a High severity if the setting is enabled.