Information
This policy setting allows the blocking of macros from running in Office files that come from the internet.
By enabling this policy setting, macros are blocked from running, even if 'Enable all macros' is selected in the Macro Settings section of the Trust Center. Users will receive a notification that macros are blocked from running.
The exceptions when macros will be allowed to run are:
The Office file is saved to a Trusted Location.
The Office file was previously trusted by the user.
Macros are digitally signed and the matching Trusted Publisher certificate is installed on the device.
The recommended state for this setting is: Enabled.
Rationale:
Windows will mark files downloaded from the internet within an alternative NTFS data stream on the file. Files from untrusted sources can contain malicious payloads embedded in the Macros, including fileless malware, and should be handled with extra care by utilizing additional security controls.
Impact:
This enforces the default behavior and should not cause additional impact.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
User Configuration\Administrative Templates\Microsoft Publisher 2016\Security\Trust Center\Block macros from running in Office files from the internet
Default Value:
Enabled. (Macros are blocked)