1.13.4.2 Ensure 'Apply macro security settings to macros, add-ins and additional actions' is set to Enabled

Information

This policy setting controls whether Outlook also applies the macro security settings to installed COM add-ins and additional actions.
If you enable this policy setting, the macro security settings will also be applied to add-ins and additional actions.
If you disable or do not configure this policy setting, Outlook does not use the macro security settings to determine whether to run macros, installed COM add-ins, and additional actions. The recommended state for this setting is: Enabled.

Rationale:

Attackers can insert malicious code into add-ins and smart tags in an attempt to affect your computing environment. By default, COM add-ins and smart tags are not subject to the same security restrictions as installed macros.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled.

User Configuration\Administrative Templates\Microsoft Outlook 2013\Security\Trust Center\Apply macro security settings to macros, add-ins and additional actions

Impact:

When this setting is Enabled and a strong security level is chosen for macros, add-ins and smart tags will run under greater security restrictions. This configuration might have an impact on users that use add-ins and smart tags.

See Also

https://workbench.cisecurity.org/files/552

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3a.

Plugin: Windows

Control ID: 5a014670e2e1ac214ec3a834c08da5003119e092ebd8ce86d20fb8d61d3cb777