Some companies’ security policies recommend that it must be ensured that no company data will be saved on “non-company” devices. A first step to achieve that is to disable attachment download. To do this, you can just remove the checkbox in ECP:
You can also create a new OWA policy and specify the following:
If you are more the PowerShell Guy:
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -DirectFileAccessOnPublicComputersEnabled $false -DirectFileAccessOnPrivateComputersEnabled $false
The result is that the attachments cannot be downloded any more:
The cool thing is that viewing attachments in Office Online is still possible.
There are more features which can be disabled to gain more security which will be discussed in separate articles.