Restrict External Storage Providers in OWA – Data Confidentiality Matters Most

Restrict External Storage Providers in OWA – Data Confidentiality Matters Most

The primary reason to go for an external storage provider in Outlook is to obtain additional storage capacity beyond the default limit. However, the inclusion of external storage providers also opens the door to potential security risks. Are you fully aware of the implications? It’s time to address the impact of external storage providers in the Outlook Web App (OWA).

Integrating third-party storage with webmail brings seamless file access, sharing, and modification outside Office 365 environment. However, it will also lead to one of the possibilities where our sensitive information gets into the wrong hands. Do you need such kind of thing to make your environment stand at the edge of the threat?

Then, don’t wait for any defender to save you! Just restrict external storage providers in the Outlook web app.

“Safeguard Your Outlook Web App by Blocking Third-party Storage Providers”

So, let’s jump into this blog to limit the third-party storage providers from the Outlook web.

What are External Storage Providers in OWA?

When you reach your Microsoft Outlook storage limit, you would look for additional storage space. That’s where the external storage providers come in!

External storage providers are third-party services which can be included in your Outlook webmail for additional storage of email attachments.

Outlook Web App has the ability to add external cloud storage accounts such as Google Drive, Dropbox, Box, and others, directly to your Outlook interface. With this, you can gain the advantage of increased storage capacity for email attachments in Outlook. Also, it enables you to send, access, and modify documents all within Outlook itself, rather than jumping between the services.

Though third-party storage provides a convenient way for file management, storage, and collaborations, it will make your Microsoft environment vulnerable to attacks. That’s why it is crucial to restrict the integrated third-party storage providers in Outlook Webmail.

Let’s see why the external storage providers in Outlook need to be blocked.

Need to Manage Third-Party Storage Providers in Outlook

Below are some of the reasons to control third-party storage providers’ access in Outlook Web.

Unauthorized Access: Not all external storage providers have the same level of trustworthiness. Allowing users to integrate third-party storage with Outlook can make them connect non-trusted providers to Outlook, which will increase the risk of unauthorized access to documents. However, tightening the reins on external storage providers can minimize the risk of such accesses. Reduce the risk of partnering with unsecure cloud storage providers! 🔐

Data Leakage: For storage constraints, you may use external cloud providers to store confidential documents. But it is not appreciated to rely on external storage providers for long terms, which will lead to the leakage of sensitive information in emails. To avoid such things, disable them in your Exchange environment. Restrict external storage providers for enhanced data security! 🚫

Virus Holders: External storage providers may be the ones with viruses. Integrating them with Outlook may lead to the loss of your data in emails due to viruses. But avoiding such integrations can prevent you from losing the data. No more data loss, limit external storage providers in Outlook! ✅

Restrict External Storage Providers in Outlook Web

Outlook mailbox policies control all the settings and features of Outlook on the web to manage Exchange Online mailboxes effectively.” But why we talk about Outlook mailbox policies all of a sudden? Because external storage providers in OWA can be restricted by using Outlook mail policy.

Every Exchange Online has an Outlook web app policy named “OwaMailboxPolicy-Default” which applies to all user mailboxes. Also, you can create different mailbox policies for your Exchange Online mailboxes.

As default, additional storage providers are enabled in each of the Outlook mailbox policies. To restrict users from adding their third-party storage accounts, PowerShell is the best way! The simple PowerShell cmdlets will let you disable the outside cloud storage providers in a minute.

Before getting into the cmdlets, make sure you connect to Exchange Online PowerShell.

To retrieve the Outlook mailbox policies along with the status of external cloud storage providers, run the following cmdlet.

Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable 

get all oulook mailbox policy with additional storage providers enabled

To set the Outlook policies to restrict additional storage providers in Outlook, execute the following cmdlet.

Set-OwaMailboxPolicy -Identity <mailbox policy name> -AdditionalStorageProvidersAvailable $false 

The “AdditionalStorageProvidersAvailable” parameter in the above cmdlet will control the access to storage providers in OWA.

To check its effectiveness, run the below PowerShell cmdlet.

Get-OwaMailboxPolicy | Where-Object {!$_.AdditionalStorageProvidersAvailable} | Select-Object -ExpandProperty Name 

This will display the policy names that restrict users from adding external storage in Outlook Web App.

Restrict external storage providers with PowerShell
Also, you can check its enforcement on Outlook web by following the navigation below.

Outlook Web App → Settings (Gear icon) → Mails → Attachments → Storage accounts.

Restrict external storage providers in OWA

List of User Mailboxes with External Storage Access Permissions

Having a comprehensive list of mailboxes with external storage access helps you make decisions, including the possibility of restricting third-party services in those mailboxes too, if needed.

To retrieve mailboxes with external storage access permission, you can below PowerShell script given below.

Get-OwaMailboxPolicy | Where-Object { $_.AdditionalStorageProvidersAvailable } | ForEach-Object { 
$policyName = $_.Name 
$mailboxes = Get-CasMailbox -ResultSize Unlimited | Where-Object { $_.OwaMailboxPolicy -eq $policyName } 
$mailboxAddresses = $mailboxes.PrimarySmtpAddress -join ', ' 
$policyMessage = "The $policyName policy allows the $mailboxAddresses to configure external storage providers." 
Write-Host $policyMessage 

List of user mailbox with external storage providers access

The script works by looping through mailbox policies with the “additional storage providers” option enabled and retrieving associated mailboxes configured with these policies. This allows you to view users allowed to use external storage based on their mailbox policies. After reviewing the mailboxes, if needed you can easily modify third-party storage access by disabling the “additional storage providers” setting within the relevant mailbox policy.

Overall, it’s better to restrict the external storage providers in OWA, which will reduce your extra concern about data security. So, wisely take your decision and everything is now in your hands!

We hope this blog helps you to learn how to block Outlook web’s third-party storage providers. Furthermore, reach us in the comments section for your doubts and clarifications. We are always ready to resolve it!

Restrict External Storage Providers in OWA – Data Confidentiality Matters Most

by Sudha time to read: 4 min