Information
Windows Attachment Execution Service places a marker in the file's alternate data stream to indicate it came from the Internet zone. If you enable this policy setting, macros are blocked from running, even if 'Enable all macros' is selected in the Macro Settings section of the Trust Center. Users will receive a notification that macros are blocked from running.
The exceptions when macros will be allowed to run are:
The Office file is saved to a Trusted Location.
The Office file was previously trusted by the user.
Macros are digitally signed and the matching Trusted Publisher certificate is installed on the device.
The recommended state for this setting is: Enabled
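The marker described above is stored in the NTFS alternate data stream named Zone.Identifier, where ZoneId=3 denotes the Internet zone. The following PowerShell is an added example, not part of the benchmark text, that lists macro-capable PowerPoint files under a folder and reports whether each carries that marker. It assumes an NTFS volume and PowerShell 3.0 or later; the function names, demo folder, file names and URL are constructed for illustration.

```powershell
# Added example: report macro-capable PowerPoint files carrying the Internet-zone marker.
# Assumptions: NTFS volume, PowerShell 3.0+; function names and demo data are constructed.

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # The marker is INI-style text in the Zone.Identifier alternate data stream.
    $lines = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') { return [int]$Matches[1] }
    }
    return $null   # no stream, or a stream without a ZoneId entry
}

function Find-InternetZoneDecks {
    param([Parameter(Mandatory)][string]$Root)
    # PowerPoint formats that can carry macros (legacy binary and macro-enabled OOXML).
    $macroExt = '.pptm', '.potm', '.ppsm', '.ppam', '.ppt', '.pot', '.pps'
    Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $macroExt -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $zone = Get-ZoneId -Path $_.FullName
            [pscustomobject]@{
                File         = $_.FullName
                ZoneId       = $zone
                InternetZone = ($zone -eq 3)   # 3 = Internet zone
            }
        }
}

# Constructed demo: one file with the marker, one without.
$demo   = Join-Path $env:TEMP 'motw-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$marked = Join-Path $demo 'downloaded.pptm'
$local  = Join-Path $demo 'local.pptm'
Set-Content -LiteralPath $marked -Value 'placeholder'
Set-Content -LiteralPath $local  -Value 'placeholder'
Set-Content -LiteralPath $marked -Stream 'Zone.Identifier' `
    -Value "[ZoneTransfer]`r`nZoneId=3`r`nHostUrl=https://example.invalid/deck.pptm"

Find-InternetZoneDecks -Root $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

Files reported with InternetZone set to True are the ones this setting applies to, unless one of the exceptions listed above holds.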
Rationale:
Macros can contain malicious code or instructions that can compromise the system on which they are run. Blocking macros in files marked as originating from the Internet prevents known, unknown, and obfuscated code from being run accidentally by the end user.
Impact:
As this measure is enforcing the default, there is little or no impact.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled.
User Configuration\Administrative Templates\Microsoft PowerPoint 2016\PowerPoint Options\Security\Trust Center\Block macros from running in Office files from the Internet
Default Value:
Enabled. (Macros on files marked from the internet are blocked.)