404 Tech Support

Where IT Help is Found

You are here: Home / Articles / System Administration / Protect your organization from ransomware by blocking macros in Office 2016 through Group Policy

Protect your organization from ransomware by blocking macros in Office 2016 through Group Policy

Microsoft has updated the available Office 2016 Administrative Templates for Group Policy configuration. The updated admx files include new settings to block macros from running in Word documents, Excel spreadsheets, or PowerPoint presentations that originated from the Internet. Microsoft has provided this updated mitigation to provide control to a popular vector that malware, in particularly ransomware, is taking advantage. If you do not use macros, you can disable them completely through the ‘VBA Macro Notification Settings’ setting. If you use macros, you can use the new setting to selectively block their execution in documents that were downloaded from file-sharing sites or storage providers as well as emails.

To find the settings, download the latest Administrative Templates for Office 2016 and extract them to your central store. Once copied to your central store, you will find the ‘Block macros from running in Office files from the Internet’ setting in the following paths:

  • User Configuration, Administrative Templates, Microsoft Excel 2016, Excel Options, Security, Trust Center
  • User Configuration, Administrative Templates, Microsoft PowerPoint 2016, PowerPoint Options, Security, Trust Center
  • User Configuration, Administrative Templates, Microsoft Word 2016, Word Options, Security, Trust Center

block_macros_tree

The setting can be enabled or disabled. If a document is opened with a macro that is legitimate and needs to be run, users will need to move it to a trusted location in order to allow the macro.

block_macros

Microsoft’s previous level of protection was the Protected View. It warned the user and required elevation to ‘enable editing’ for the restricted content in external files.

macro_doc

Microsoft has put the power in the hands of the enterprise as it was too easy for an end-user to click ‘enable editing’ and run a suspicious file just to make the notice disappear. The user will now receive an alert saying:

“Blocked Content – Macros in this document have been disabled by your enterprise administrator for security reasons.”

office2016_macro_blocked

With ransomware the latest and most profitable route for malicious actors to take, it is recommended to shut the door to macro-based malware by enabling this setting.

For more information, you can see this article from the Microsoft Malware Protection Center and the TechNet article to ‘Plan security settings for VBA macros in Office 2016‘.

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Follow Us

Recent Posts

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.