Ensure users installing Outlook add-ins is not allowed
Remediation Considerations
MaxScore | ImplementationCost | UserImpact |
---|---|---|
3 | Unknown | Unknown |
Remediation Impact
Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps
Remediation
To prohibit users installing Outlook add-ins:
- Navigate to Exchange admin center https://admin.exchange.microsoft.com.
- Click to expand Roles select User roles.
- Select Default Role Assignment Policy.
- In the properties pane on the right click on Manage permissions.
- Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
- Click Save changes.
Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.