Information
You should restrict storage providers that are integrated with Outlook on the Web.
Rationale:
By default additional storage providers are allowed in Outlook on the Web (such as Box, Dropbox, Facebook, Google Drive, OneDrive Personal, etc.). This could lead to information leakage and additional risk of infection from organizational non-trusted storage providers. Restricting this will inherently reduce risk as it will narrow opportunities for infection and data leakage.
Impact:
Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To disable external storage providers, use the Exchange Online PowerShell Module:
Connect to Exchange Online using Connect-EXOPSSession.
Run the following Powershell command:
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
Run the following Powershell command to verify that the value is now False:
Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
Default Value:
Additional Storage Providers - True