Microsoft 365 (O365)

blog.payperitem.com,

In Microsoft 365 (O365), managing email attachment behavior for roaming users depends on policies set through Microsoft Purview, Intune, Group Policy, and Exchange Online settings. Here are the key aspects of managing roaming profile policies for email attachments:

1. OneDrive for Business as Default Save Location

  • Microsoft encourages using OneDrive for Business for storing email attachments instead of local profiles.
  • Policy Setting: Configure the Outlook policy to save attachments to OneDrive automatically.
  • Implementation:
    • Via Intune: Administrative Templates → Microsoft Outlook → “Use OneDrive for Business for file attachments”
    • Via GPO: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Preferences
      • OneDriveAttachmentsEnabled = 1 (Enable)

2. Outlook Cached Mode & Roaming Profile Handling

  • Cached Exchange Mode can store OST files in a local or network path (but network storage is not recommended for OSTs).
  • Policy Setting: If users roam across devices, enable “Outlook Cached Mode” with a reduced cache timeframe.
  • Implementation:
    • Via Intune: Administrative Templates → Microsoft Outlook → “Cached Exchange Mode”
    • Via GPO: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Cached Mode
      • Enable = 1
      • SyncWindowSetting = 1 (1 month)

3. Attachments Blocking & Security Policies

  • Microsoft Defender for Office 365 can scan and block malicious attachments.
  • Safe Attachments Policy:
    • Microsoft 365 Defender → Threat Policies → Safe Attachments
    • Enable “Dynamic Delivery” to allow email previews while scanning.

4. Conditional Access & DLP for Attachments

  • Prevent attachments from being downloaded to unmanaged devices using Microsoft Endpoint Manager & Conditional Access.
  • DLP Policy: Prevent data leakage by controlling who can download, print, or copy email attachments.
    • Compliance Center → Data Loss Prevention → Policies
    • Configure rules to restrict sharing outside the organization.

5. OWA (Outlook Web Access) Attachment Policies

  • Configure attachment download restrictions for roaming users.
  • Policy Setting: Block download of attachments in unmanaged devices.
    • Microsoft 365 Admin → Exchange Admin Center → Outlook Web App Policies
    • Modify OWA Mailbox Policy:
      • DirectFileAccessOnPublicComputersEnabled = False
      • DirectFileAccessOnPrivateComputersEnabled = False
Cloud Exchange M365

Related Posts

System Details Script for ConnectWise Automate (PowerShell)

System Details Script for ConnectWise Automate (PowerShell) powershell$SystemDetails = @{}# Get Computer Name$SystemDetails[“ComputerName”] = $env:COMPUTERNAME# Get OS Info$OS = Get-CimInstance Win32_OperatingSystem$SystemDetails[“OS”] = “$($OS.Caption) ($($OS.BuildNumber))”$SystemDetails[“OS_Arch”] = $OS.OSArchitecture$SystemDetails[“Uptime_Days”] = [math]::Round((Get-Date) – $OS.LastBootUpTime).TotalDays# Get CPU Info$CPU = Get-CimInstance Win32_Processor$SystemDetails[“CPU”] = “$($CPU.Name) – $($CPU.NumberOfCores) Cores / $($CPU.NumberOfLogicalProcessors) Threads”# Get RAM Info$RAM = Get-CimInstance Win32_ComputerSystem$SystemDetails[“RAM_GB”]…

Read More

Azure Storage Replication

Azure Storage Replication – A primary advantage of using Azure cloud storage is high availability due to various replication strategies that ensure data is always available to customers. Storage Services – All data services are accessible through a storage account in Azure:●  Azure Containers (Blobs)             ●  Azure Files     …

Read More