Information
This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disables such add-ins without notification.
Note: For this policy to apply, the Require that application add-ins are signed by Trusted Publisher policy setting needs to be enabled. This will prevent users from changing the Disable Trust Bar Notification for Unsigned Application Add-ins and Block Them policy setting.
The recommended state for this setting is: Enabled.
Rationale:
Allowing unsigned application add-ins could cause the application to load dangerous add-ins and as a result, malicious code could become active endpoints and the network.
Impact:
If an application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a message that informs users about the unsigned add-in.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled.
User Configuration\Administrative Templates\Microsoft Publisher 2016\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them
Default Value:
Disabled. (Users can configure this requirement themselves in the 'Add-ins' category of the Trust Center for the application.)