ASD's Blueprint for Secure Cloud

ASD Office Hardening - All Macros Disabled

This section describes the configuration of device configuration profiles within Microsoft Intune associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 4 minutes

Basics

ItemValue
NameASD Office Hardening - All Macros Disabled
Description
PlatformWindows 10 and later

Assignments

Included groups

ItemValue
GroupsAll devices

Excluded groups

None

Scope tags

ItemValue
Scope tagsDefault

Configuration settings

Microsoft Access 2016

ItemValue
Application Settings > Security > Trust CenterDisable all without notification
Turn off trusted documents (User)Enabled
Turn off Trusted Documents on the network (User)Enabled
VBA Macro Notification Settings (User)Enabled
Application Settings > Security > Trust Center > Trusted Locations
Allow Trusted Locations on the network (User)Disabled
Disable all trusted locations (User)Enabled

Microsoft Excel 2016

ItemValue
Excel Options > Security > Trust CenterDisable all without notification
Trust access to Visual Basic Project (User)Disabled
Turn off trusted documents (User)Enabled
Turn off Trusted Documents on the network (User)Enabled
VBA Macro Notification Settings (User)Enabled
Excel Options > Security > Trust Center > Trusted Locations
Allow Trusted Locations on the network (User)Disabled
Disable all trusted locations (User)Enabled

Microsoft Office 2016

ItemValue
Security Settings
Automation Security (User)Enabled
- Set the Automation Security level (User)Disable macros by default
Disable VBA for Office applications (User)Enabled
Security Settings > Trust Center
Allow mix of policy and user locations (User)Disabled

Microsoft Outlook 2016

ItemValue
Security > Trust Center
Apply macro security settings to macros, add-ins and additional actions (User)Enabled
Security setting for macros (User) (Deprecated)Disabled

Microsoft PowerPoint 2016

ItemValue
PowerPoint Options > Security > Trust CenterDisable all without notification
Trust access to Visual Basic Project (User)Disabled
Turn off trusted documents (User)Enabled
Turn off Trusted Documents on the network (User)Enabled
VBA Macro Notification Settings (User)Enabled
PowerPoint Options > Security > Trust Center > Trusted Locations
Allow Trusted Locations on the network (User)Disabled
Disable all trusted locations (User)Enabled

Microsoft Project 2016

ItemValue
Project Options > Security > Trust CenterDisable all without notification
Allow Trusted Locations on the network (User)Disabled
Disable all trusted locations (User)Enabled
VBA Macro Notification Settings (User)Enabled

Microsoft Publisher 2016

ItemValue
SecurityHigh (disabled)
Publisher Automation Security Level (User)Enabled
Security > Trust CenterVisio Options > Security > Trust Center
VBA Macro Notification Settings (User)Enabled

Microsoft Visio 2016

ItemValue
Visio Options > Security > Trust CenterDisable all without notification
Allow Trusted Locations on the network (User)Disabled
Disable all trusted locations (User)Enabled
Turn off trusted documents (User)Enabled
Turn off Trusted Documents on the network (User)Enabled
VBA Macro Notification Settings (User)Enabled
Visio Options > Security > Macro Security
Enable Microsoft Visual Basic for Applications project creation (User)Disabled
Load Microsoft Visual Basic for Applications projects from text (User)Disabled

Microsoft Word 2016

ItemValue
Word Options > Security > Trust CenterDisable all without notification
Trust access to Visual Basic Project (User)Disabled
Turn off trusted documents (User)Enabled
Turn off Trusted Documents on the network (User)Enabled
VBA Macro Notification Settings (User)Enabled
Word Options > Security > Trust Center > Trusted Locations
Allow Trusted Locations on the network (User)Disabled
Disable all trusted locations (User)Enabled

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra