Microsoft Enhances Group Policy Controls for Office 2016 Macro Threats

Microsoft has ratcheted up IT pro controls to thwart malware that could spread through Office 2016 macros.

It's now possible to block end users from turning on macros in Excel, PowerPoint and Word when those documents are accessed from the Internet. That's done by making Group Policy configuration changes using the Group Policy Management Editor, Microsoft explained, in an announcement this week.

IT pros need Group Policy Administrative Templates for Office 2016 to carry out the policy change. Microsoft publishes those templates for Office Professional Plus 2016 and Office 365 ProPlus 2016 versions at this page. The macro-blocking capability works with Office 2016 installed on Windows systems as far back as Windows 7 and Windows Server 2008 R2.

IT pros can change these settings in the Trust Center for Office 2016 applications within the Group Policy Management Editor. The policy change will just affect Excel, PowerPoint and Word documents that come from the Internet, which is called the "Internet Zone" in Windows. For instance, the Group Policy changes can set policies for documents arriving via e-mail attachments or documents accessible through file shares that are outside the organization's domain. The Group Policy changes also take effect for documents that get downloaded from storage services, such as Dropbox, Google Drive and OneDrive, the announcement explained.

There's just one exception to this macro-blocking capability. It doesn't affect Office 2016 documents if the file was saved to "a trusted location or was previously trusted by the user," per Microsoft's documentation.

Microsoft already has a feature for Office applications that disables macros by default. This "Protected View" feature lets end users review an Office document with macros disabled. Protected View has been available since Office 2010. However, the company has seen an increase in macro-initiated malware using Office documents over the last three months. The increase in malware has occurred largely because malware writers have been tricking end users into enabling the macros in Office documents.

Malware writers tell message recipients to "enable editing" and "enable content" for the document. When they take those actions, the macro capability gets enabled. Now, IT pros can thwart those "social engineering" attempts by making Group Policy changes for Office documents received through the Internet.

In addition to using this new blocking capability, Microsoft suggests disabling macros altogether if an organization doesn't need them.

"If your enterprise does not have any workflows that involve the use of macros, disable them completely," Microsoft's announcement stated. "This is the most comprehensive mitigation that you can implement today."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus