Microsoft plans to allow Office 365 admins to ensure that end users can’t override organization-wide policies set up to block active content even with Trusted Documents.
Trusted Documents are files that contain active content such as ActiveX controls, macros, and Dynamic Data Exchange (DDE) functions that don’t require user interaction, but still open without displaying a prompt or a warning.
However, such active content also lends itself to being misused by threat actors for malicious purposes. Until now, embedded active content in Trusted Documents enabled the files to bypass the Protected View safeguards, but Microsoft is about to change the default setting.
“We are changing the behavior of Office applications to enforce policies that block Active Content (ex. macros, ActiveX, DDE) on Trusted Documents,” announced the company in its Microsoft 365 roadmap.
Admins know best
Currently all active content embedded inside Trusted Documents would run unhindered, even if an IT administrator had set a policy to block such content.
“As part of ongoing Office security hardening, the IT administrator’s choice to block Active Content will now always take precedence over end-user set trusted documents,” explains Microsoft.
The change would ensure that if an admins has blocked active content, even Trusted Documents with such content will now open under Protected View, even if a user has enabled such content to run without warnings.
According to the roadmap, Microsoft plans to roll out this new feature to all Microsoft 365 users world-wide, by the end of October 2021.