OWA’s ThirdPartyFileProvidersEnabled Setting

Do You Really Want OWA Users to Access Third Party File Providers?

Those who browse the deep recesses of Microsoft documentation often find unannounced pleasures awaiting their delight. Such is the case of Set-OWAMailboxPolicy, where the ThirdPartyFileProvidersEnabled setting is documented. Despite the best efforts of Vasil Michev (the esteemed technical editor of the Office 365 for IT Pros eBook), the setting seems to be not well known. It deserves more.

By default, the setting is false, which means that OWA users can’t access third-party file providers like Box, Google Drive, or Dropbox to upload attachments. Before users can access a third-party file provider, they must authenticate their account (including an MFA challenge if MFA is enabled for the account) and give access to OWA.

Completing the verification process to allow OWA to access Google Drive
Completing the verification process to allow OWA to access Google Drive

Once the connection is made between the third-party file provider and OWA, the user can browse for attachments. Here’s what it looks like for a Dropbox account.

Selecting Dropbox files to attach to an OWA message
Selecting Dropbox files to attach to an OWA message

Goodness and Badness

There’s goodness and badness in allowing users to access third-party file providers. It’s good that they attach files stored in the providers to bring them into Exchange Online and so expose the content to Office 365 data governance. It’s bad if it encourages the long-term use of third-party file providers for business information. Each organization will have to make up its mind how to handle the situation and decide if they want to enable access to other file services.

Discovering Who Can Use Third-Party File Providers

To check what OWA mailbox policies allow access to third-party file providers, use the command:

We can see that three of the OWA mailbox policies allow third-party file providers. To discover the mailboxes covered by these policies, use the command:

We use Get-Mailbox to feed a filtered list of user mailboxes (excluding room, shared, discovery, and resource mailboxes) to Get-CasMailbox, check what OWA mailbox policy applies to each , and output a list of names. Simple!

For more information about OWA (but not third-party file providers), see Chapter 10 of the Office 365 for IT Pros eBook.


One Reply to “OWA’s ThirdPartyFileProvidersEnabled Setting”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.