Ensure users installing Outlook add-ins is not allowed
Remediation Considerations
| MaxScore | ImplementationCost | UserImpact |
|---|---|---|
| 3 | Unknown | Unknown |
Remediation Impact
Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps
Remediation
To prohibit users installing Outlook add-ins:
-
Navigate to Exchange admin center https://admin.exchange.microsoft.com.
-
Click to expand Roles select User roles.
-
Select Default Role Assignment Policy.
-
In the properties pane on the right click on Manage permissions.
-
Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
-
Click Save changes.
Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.