Microsoft Enhances Group Policy Controls for Office 2016 Macro Threats

Microsoft has ratcheted up IT pro controls to thwart malware that could spread through Office 2016 macros.

It's now possible to block end users from turning on macros in Excel, PowerPoint and Word when those documents are accessed from the Internet. That's done by making Group Policy configuration changes using the Group Policy Management Editor, Microsoft explained, in an announcement this week.

IT pros need Group Policy Administrative Templates for Office 2016 to carry out the policy change. Microsoft publishes those templates for Office Professional Plus 2016 and Office 365 ProPlus 2016 versions at this page. The macro-blocking capability works with Office 2016 installed on Windows systems as far back as Windows 7 and Windows Server 2008 R2.

IT pros can change these settings in the Trust Center for Office 2016 applications within the Group Policy Management Editor. The policy change will just affect Excel, PowerPoint and Word documents that come from the Internet, which is called the "Internet Zone" in Windows. For instance, the Group Policy changes can set policies for documents arriving via e-mail attachments or documents accessible through file shares that are outside the organization's domain. The Group Policy changes also take effect for documents that get downloaded from storage services, such as Dropbox, Google Drive and OneDrive, the announcement explained.

There's just one exception to this macro-blocking capability. It doesn't affect Office 2016 documents if the file was saved to "a trusted location or was previously trusted by the user," per Microsoft's documentation.

Microsoft already has a feature for Office applications that disables macros by default. This "Protected View" feature lets end users review an Office document with macros disabled. Protected View has been available since Office 2010. However, the company has seen an increase in macro-initiated malware using Office documents over the last three months. The increase in malware has occurred largely because malware writers have been tricking end users into enabling the macros in Office documents.

Malware writers tell message recipients to "enable editing" and "enable content" for the document. When they take those actions, the macro capability gets enabled. Now, IT pros can thwart those "social engineering" attempts by making Group Policy changes for Office documents received through the Internet.

In addition to using this new blocking capability, Microsoft suggests disabling macros altogether if an organization doesn't need them.

"If your enterprise does not have any workflows that involve the use of macros, disable them completely," Microsoft's announcement stated. "This is the most comprehensive mitigation that you can implement today."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Hires Movial To Build Android OS for Microsoft Devices

    Microsoft has hired the Romanian operations of software engineering and design services company Movial to develop an Android-based operating system solution for the Microsoft Devices business segment.

  • Microsoft Ending Workflows for SharePoint 2010 Online Next Month

    Microsoft on Monday gave notice that it will be ending support this year for the "workflows" component of SharePoint 2010 Online, as well as deprecating that component for SharePoint 2013 Online.

  • Why Windows Phone Is Dead, But Not Completely Gone

    Don't call it a comeback (because that's not likely). But as Brien explains, there are three ways that today's smartphone market leaves the door open for Microsoft to bring Windows back to smartphones.

  • Feature Update Deferral Mix-Up in Windows 10 Version 2004 Further Explained

    Microsoft last week described the confusion it is attempting to avoid by removing the client graphical user interface (GUI)-based controls to defer Windows 10 feature updates, starting with version 2004.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.