1.3.7 Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web'

Information

Third-party storage can be enabled for users in Microsoft 365, allowing them to store and share documents using services such as Dropbox, alongside OneDrive and team sites.

Ensure Microsoft 365 on the web third-party storage services are restricted.

Rationale:

By using external storage services an organization may increase the risk of data breaches and unauthorized access to confidential information. Additionally, third-party services may not adhere to the same security standards as the organization, making it difficult to maintain data privacy and security.

Impact:

Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To restrict Microsoft 365 on the web:

Navigate to Microsoft 365 admin center https://admin.microsoft.com

Go to Settings > Org Settings > Services > Microsoft 365 on the web

Uncheck Let users open files stored in third-party storage services in Microsoft 365 on the web

Default Value:

Enabled - Users are able to open files stored in third-party storage services

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|13.1, CSCv7|13.4

Plugin: microsoft_azure

Control ID: f185d7c5ce91d198e2abb502d9ce2cc8ea76f38cb980a8945caa021c8171e3fe