Ensure additional storage providers are restricted in Outlook on the web
Why This Matters
Outlook on the web allows users to attach files from third-party storage providers like Box, Dropbox, and Google Drive. If left enabled, these non-tenant storage services bypass your organization's security controls, increasing the risk of data leakage and malware infection. Restricting these providers limits the attack surface and ensures users only access files from approved storage locations.
What Aether365 Checks
This check verifies that the AdditionalStorageProvidersAvailable property on the default Outlook on the web mailbox policy is set to $false. It appears in the Aether365 dashboard under microsoft-365 checks and aligns with CIS Microsoft 365 Foundations Benchmark control 6.5.3.