Information
This policy setting controls whether add-ins for the specified Office applications must be digitally signed by a trusted publisher.
The recommended state for this setting is: Enabled
By default, Office applications do not check the digital signature on application add-ins before opening them. Not configuring this setting may allow an application to load a dangerous add-in and as a result, malicious code could become active on a user's computer or the network.
Solution
To establish the recommended state via configuration profiles, set the following Settings Catalog path to Enabled
Microsoft Access 2016\Application Settings\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher
Impact:
This setting could cause disruptions for users who rely on add-ins that are not signed by trusted publishers. These users will either have to obtain signed versions of such add-ins or stop using them.
Office stores certificates for trusted publishers in the trusted publisher store. Earlier versions of Office stored trusted publisher certificate information (specifically, the certificate thumbprint) in a special Office trusted publisher store. Office still reads trusted publisher certificate information from the Office trusted publisher store but does not write information to this store.
If a list of trusted publishers in a previous version of Office was created and upgrade the Office release, the trusted publisher list will still be recognized.