Microsoft Introduces New OWA Setting to Control Access to Storage Providers

Posted on by Tony Redmond

AdditionalStorageProvidersAvailable Setting Replaces Two Deprecated Settings

In April, I wrote about the ThirdPartyFileProvidersEnabled setting in OWA mailbox policies. The setting controls if OWA users can access third-party storage providers like Dropbox and Google Drive. At the time, I said that the setting wasn’t well known. Maybe that was for the best because now we learn from Office 365 Notification MC186732 that Microsoft has decided to expand the set of third-party providers to include Facebook and OneDrive personal. As part of the change, they have deprecated the ThirdPartyFileProvidersEnabled and OneDriveAttachmentsEnabled (to control access to OneDrive personal accounts) settings and replaced them with AdditionalStorageProvidersAvailable, a new setting for OWA mailbox policies to control access to all storage providers, both first-party (like OneDrive) and third-party.

Access Enabled by Default

The new setting is now in OWA mailbox policies. This is easily checked with PowerShell:

Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
               
Name                       AdditionalStorageProvidersAvailable
----                       -----------------------------------
OwaMailboxPolicy-Default                                  True
Restricted Download Access                                True
OWAFullAccess                                             True
NoOfflineAccess                                           True

As you can see, the default setting is True (as Microsoft says, it is “on by default”), which means that any OWA user can access storage providers to browse for files to attach to messages (Figure 1).

Browsing Dropbox to attach a file to an OWA message
Figure 1: Browsing Dropbox to attach a file to an OWA message

Adjusting Access for Some OWA Mailbox Policies

The new setting becomes active for Targeted Release users on August 15 and Standard Release users on August 30. Before then, you might want to turn the AdditionalStorageProvidersAvailable setting to Off in the OWA mailbox policies where ThirdPartyFileProvidersEnabled is currently set to Off so that users see no change in behavior. Again, this is easily done with PowerShell.

Get-OWAMailboxPolicy | ? {$_.ThirdPartyFileProvidersEnabled -eq $False} | Set-OWAMailboxPolicy -AdditionalStorageProvidersAvailable $False

A Matter of Policy

There’s goodness and badness in allowing users to access third-party file providers. It’s good that they attach files stored in the providers to bring them into Exchange Online and so expose the content to Office 365 data governance. It’s bad if it encourages the long-term use of third-party file providers for business information. Each organization will have to make up its mind how to handle the situation and decide if they want to enable access to other file services.

For more information about using OWA mailbox policies, see the Office 365 for IT Pros eBook.

3 Replies to “Microsoft Introduces New OWA Setting to Control Access to Storage Providers”

  1. Hi Tony, thanks for the clear write-up! I believe though you mean:

    Get-OWAMailboxPolicy | ? {$_.ThirdPartyFileProvidersEnabled -eq $True}

    To set it to false where it’s by default set to true 🙂

    Reply

    1. No, I’m looking for OWA mailbox policies where the ThirdPartyFileProvidersEnabled setting is False to set the new AdditionalStorageProvidersAvailable setting to False as well.

      Reply

      1. Mon dieu, how could I have misread that one. My bad, and, I will set that setting myself as well first thing in the morning. Thanks!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.