If you work or manage clients in organizations that handle sensitive information like banks as an example, they might have a requirement to not allow users to download OWA attachments.
You can set this company wide or you can create a new mailbox policy and assign it to certain users.
In this example, we are going to set it for the entire organization. To firstly check the current settings, you can run the following command:
- Get-OwaMailboxPolicy | Fl
As you can see above in the highlighted fields, Direct File access is allowed for public and private computers.
To disable both settings, you can run the following command below:
- Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -DirectFileAccessOnPublicComputersEnabled $false -DirectFileAccessOnPrivateComputersEnabled $false
It took about 2 mins to finish running this. To confirm that all is complete, you can run the first command again and they should both be set to False:
Now your users wont be able to download attachments on OWA.
Hope it helps.