Disable Trust Bar Notification for unsigned application add-ins and block them - publisher

Information

This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy setting only applies if you enable the 'Require that application add-ins are signed by Trusted Publisher' policy setting, which prevents users from changing this policy setting. \n If you enable this policy setting, applications automatically disable unsigned add-ins without informing users. \n \n If you disable this policy setting, if this application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a message that informs users about the unsigned add-in. \n If you do not configure this policy setting, the disable behavior applies, and in addition, users can configure this requirement themselves in the 'Add-ins' category of the Trust Center for the application.

Solution

Policy Path: Microsoft Publisher 2016\Security\Trust Center
Policy Setting Name: Disable Trust Bar Notification for unsigned application add-ins and block them

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-review-for-m365-apps-for-enterprise-v2312/ba-p/4009591

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4)

Plugin: Windows

Control ID: 559f6391f9aa5ab9445adf395fc52e781327d7e00e840dbfc0e4b5e124de5605