Close all Microsoft Office applications.Please select the procedure below that applies to your computer's operating system. If you're seeing a different button, located near the right end of the ribbon, you may be using the Zoom add-in for Outlook instead. The following screenshot shows the appearance of that button in the Office 365 version of Outlook for Windows. These instructions refer to the Zoom plugin for Outlook, which corresponds with the Schedule a Meeting button, located near the left end of the Outlook ribbon when you're scheduling a meeting. To prohibit users installing Outlook add-ins, use the Microsoft Online PowerShell Module: Connect to Microsoft Online service using Connect-MSOLService.Learn how to remove the Zoom plugin for Outlook. De-Select My Custom Apps My Marketplace Apps and My ReadWriteMailboxApps. Select permissions from the Exchange navigation pane. Click on the Classic Exchange admin center at the bottom. Solution To prohibit users installing Outlook add-ins, use the Microsoft 365 Admin Center: Select Admin Centers and Exchange. Please review the benchmark to ensure target compliance. NOTE: Nessus has not performed this check. Administrators are likely to receive requests from end users to grant them permission to necessary third-party applications. End users will not be able to integrate third-party applications that they may wish to use. Impact: Implementation of this change will impact both end users and administrators.
Disable future user's ability to install add-ins in Microsoft Outlook helps reduce your threat-surface and mitigate this risk. While allowing users to install add-ins by themselves does allow them to easily acquire useful add-ins that integrate with Microsoft applications, it can represent a risk if not used and monitored carefully. Rationale: Attackers commonly use vulnerable and custom-built add-ins to access data in user applications. Do not allow users to install add-ins in Outlook. Information By default, users can install add-ins in their Microsoft Outlook Desktop client, allowing data access within the client application.
0 kommentar(er)
