Information
This policy setting allows the blocking of macros from running in Office files that come from the internet.
By enabling this policy setting, macros are blocked from running, even if 'Enable all macros' is selected in the Macro Settings section of the Trust Center. Users will receive a notification that macros are blocked from running.
The exceptions when macros will be allowed to run are:
- The Office file is saved to a Trusted Location.
- The Office file was previously trusted by the user.
- Macros are digitally signed and the matching Trusted Publisher certificate is installed on the device.
The recommended state for this setting is: Enabled
Windows will mark files downloaded from the internet within an alternative NTFS data stream on the file. Files from untrusted sources can contain malicious payloads embedded in the Macros, including fileless malware, and should be handled with extra care by utilizing additional security controls.
Solution
To establish the recommended state via configuration profiles, set the following Settings Catalog path to Enabled
Microsoft Excel 2016\Excel Options\Security\Trust Center\Block macros from running in Office files from the internet
Impact:
This enforces the default behavior and should not cause additional impact.