MC302216 – This feature update will change the behavior of Office applications to enforce policies that block active content (ex. macros, ActiveX, DDE) on Trusted Documents. Previously, active content was allowed to run in Trusted Documents even when an IT administrator had set a policy to block it. As part of ongoing Office security hardening, the IT administrator’s choice to block active content will now always take precedence over end-user set trusted documents.
This message is associated with Microsoft 365 Roadmap ID 85574.
When will this happen?
Note: This change is released to Insiders in build 2110.
Current channel: Microsoft will begin rolling this out in early February and expect to complete rollout early May.
How will this change affect your organization?
The expected impact is when a user opens a previously trusted file with active content that’s enabled. If there’s a policy set by their IT administrator or a trust center setting blocking the active content, the content will remain blocked.
- When this happens, Microsoft will display a business bar with a “Learn more” button that leads to a link explaining the change in behavior and links to Commercial guidance for IT Administrators.
Microsoft has also added a backstage slab for all files containing active content displaying the trust scenario of the file.
- This backstage notification particularly helps in the situation where the IT administrator has blocked all Trust bar notifications with the policy “Disable all Trust Bar notifications for security issues”.
- For these impacted users with no business bar notification, they can select File/Info and see the backstage Security Information describing the trust scenario for the file.
What do I need to do to prepare for this change?
You might want to notify your users about this change and update your training and documentation as appropriate.