1.13.5 Ensure 'Allow Active X One Off Forms' is set to Enabled:Load only Outlook Controls

Information

By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook Recipient and Body controls) are allowed in one-off forms, or so that all ActiveX controls are allowed to run. The recommended state for this setting is: Enabled:Load only Outlook Controls.

Rationale:

If additional types of ActiveX controls are allowed, particularly untrusted third-party controls, the risk of malware infecting the computer increases.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled.

User Configuration\Administrative Templates\Microsoft Outlook 2016\Security\Allow Active X One Off Forms

Then set the Allow Active X One Off Forms option to Load only Outlook Controls.

Impact:

This setting enforces the default configuration and therefore should not have any effect on usability.

See Also

https://workbench.cisecurity.org/files/553

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4)

Plugin: Windows

Control ID: 2c36183613a1377b51589aae908fc79b296d0b31e6ce6100f387784f34cda81e