Ensure users installing Outlook add-ins is not allowed
Why This Matters
Outlook add-ins can access user data and mail content, making them a prime target for attackers. A compromised or malicious add-in can exfiltrate sensitive information without the user's knowledge. By preventing users from installing their own add-ins, you reduce this attack surface and maintain tighter control over which applications can interact with your organization’s email data.
What Aether365 Checks
Aether365 verifies that the Default Role Assignment Policy in Exchange Online has the My Custom Apps, My Marketplace Apps, and My ReadWriteMailbox Apps roles disabled. This check appears in your Aether365 dashboard under the Microsoft 365 checks section.
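One way to run the same check by hand in Exchange Online PowerShell (an added example, not Aether365's own code). It assumes the ExchangeOnlineManagement module and a session already opened with Connect-ExchangeOnline; `Test-AddInRoles` is a hypothetical helper name. It goes beyond the default policy and reports every role assignment policy, since a mailbox can be assigned a non-default one:

```powershell
# Added example: read-only audit, changes nothing in the tenant.
# Assumes an existing Connect-ExchangeOnline session.
$blockedRoles = 'My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps'

# Hypothetical helper: reports which add-in roles a policy still grants.
function Test-AddInRoles {
    param([Parameter(Mandatory)] $Policy)

    # AssignedRoles is a list of role names; compare as strings.
    $found = @($Policy.AssignedRoles |
        ForEach-Object { "$_" } |
        Where-Object { $blockedRoles -contains $_ })

    [pscustomobject]@{
        Policy     = $Policy.Name
        IsDefault  = [bool]$Policy.IsDefault
        AddInRoles = $found -join ', '
        Compliant  = ($found.Count -eq 0)
    }
}

$results = @(Get-RoleAssignmentPolicy | ForEach-Object { Test-AddInRoles -Policy $_ })

# Default policy first, then any custom policies.
$results | Sort-Object IsDefault -Descending | Format-Table -AutoSize

# The check described above concerns the default policy specifically.
$default = $results | Where-Object { $_.IsDefault }
if ($default -and -not $default.Compliant) {
    Write-Warning "Default policy '$($default.Policy)' still grants: $($default.AddInRoles)"
}

# Non-default policies that grant add-in roles are worth reviewing too.
$results | Where-Object { -not $_.IsDefault -and -not $_.Compliant } |
    ForEach-Object {
        Write-Warning "Policy '$($_.Policy)' grants: $($_.AddInRoles)"
    }
```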
How to Fix
To restrict Outlook add-in installation to administrators only, follow these steps: