Allowing users to add their own plugins within Outlook, Word, Excel and other Microsoft 365 applications can have several disadvantages and risks. Disabling this feature is an easy way to tighten up your Microsoft 365 environment.
Security Concerns with User-Installed Plugins
Security concerns are likely to be the top risk for plugins. If your organization allows users to add their own plugins, these plugins may have not been vetted properly by your IT or cybersecurity staff. This may result in a plugin that is malicious in nature or just poorly designed the could compromise the security of your organization. These plugins could have vulnerabilities that could be exploited by hackers, potentially leading to data breaches, unauthorized access, or malware infections. If your IT or cybersecurity staff do not have the knowledge that a specific plugin is in use within the environment, this could make it difficult to stay on top of patches and vulnerabilities.
Compliance and Data Protection issues go hand in hand with security. Many organizations have specific compliance requirements and data protection policies that govern the use of software applications like Outlook. Allowing users to add plugins can lead to non-compliance with these policies, potentially exposing sensitive information or violating privacy regulations.
Stability and Reliability are another concern for allowing users to install their own plugins. Microsoft Outlook is a complex software application with various features and integrations. Allowing your users to add plugins without proper verification and testing could introduce compatibility issues, conflicts with existing functionalities, or even cause crashes and instability in the application. Maintaining stability and reliability is crucial to ensure uninterrupted workflow and avoid data loss. Processes and workflows may become dependent on stale, outdated or unmaintained plugins.
Support Concerns with User-Installed Plugins
Enabling users to install their own plugins can significantly increase the support and maintenance burden on the IT department or help desk. It becomes challenging to provide assistance for a wide range of plugins developed by different individuals or organizations. This can result in slower response times, increased complexity in troubleshooting, and higher costs associated with maintaining the Outlook ecosystem.
Restricting users from adding their own plugins within Outlook helps maintain security, stability, user experience, compliance, and ease of support. It ensures that the application remains robust, reliable, and optimized for professional use while mitigating potential risks and vulnerabilities. Let’s take a dive into disabling these options.
Instructions to Disable User-Installed Plugins
To disable this ability, you’ll first want to login to your Microsoft 365 Portal. Once you’re there, select the “Admin” button.
From the Admin portal, Click the “Show all” button at the bottom.
On the expanded menu, click on “Exchange”
Locate the “Roles” section and expand it. You’ll click on “User Roles”.
There will be a default policy for users in this section. We’ll click on it and a side window will open.
Click on the manage permissions button
Scroll down and find the “other roles” section. Ensure that the following items are unchecked:
- My Custom Apps
- My Marketplace Apps
- My RedWriteMailbox Apps
Then click the save changes button.
You’ll also want to disable add-ins for Word, Excel and PowerPoint too.
Back at the admin portal, expand the settings drop down. Click on “Org Settings”
Under the services tab, scroll down until you find “User owned apps and services”
Uncheck both of the following items:
- Let users access the Office Store
- Let users start trials on behalf of your organization
- Let users auto-claim licenses the first time they sign in (This one is disabled by default)
If you found this article helpful and you need assistance securing your Microsoft 365 environment, please reach out to me via my new professional services company, New England Media and IT Services, LLC. You can also find additional information on my blog site, achubbard.com.