The following Group Policy settings can be implemented depending on an organisation’s desired approach to managing macros in Microsoft Office files.
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| Computer Configuration\Policies\Administration Templates\Windows Components\Internet Explorer\Internet Control Panel |
| Disable the Content page | N/A | N/A | Enabled |
| User Configuration\Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins |
| Certificates | N/A | N/A | Disabled |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft Office 2016\Security Settings |
| Automation Security | EnabledSet the Automation Security level: Disable macros by default | EnabledSet the Automation Security level: Use application macro security level | EnabledSet the Automation Security level: Use application macro security level |
| Disable all Trust Bar notifications for security issues | N/A | N/A | Enabled |
| Disable VBA for Office applications | Enabled | Disabled | Disabled |
| Macro Runtime Scan Scope | N/A | Enable for all documents | Enable for all documents |
| User Configuration\Policies\Administration Templates\Microsoft Office 2016\Security Settings\Trust Center |
| Allow mix of policy and user locations | Disabled | Disabled | Disabled |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft Access 2016\Application Settings\Security\Trust Center |
| Turn off trusted documents | Enabled | Enabled | Enabled |
| Turn off Trusted Documents on the network | Enabled | Enabled | Enabled |
| VBA Macro Notification Settings | EnabledDisable all without notification | EnabledDisable all without notification | EnabledDisable all except digitally signed macros |
| User Configuration\Policies\Administration Templates\Microsoft Access 2016\Application Settings\Security\Trust Center\Trusted Locations |
| Allow Trusted Locations on the network | Disabled | Enabled | Disabled |
| Disable all trusted locations | Enabled | Disabled | Enabled |
| User Configuration\Policies\Administration Templates\Microsoft Access 2016\Disable Items in User Interface\Custom |
| Disable commands | N/A | N/A | EnabledEnter a command bar ID to disable: 19092 |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft Excel 2016\Disable Items in User Interface\Custom |
| Disable commands | N/A | N/A | EnabledEnter a command bar ID to disable: 19092 |
| User Configuration\Policies\Administration Templates\Microsoft Excel 2016\Excel Options\Security |
| Scan encrypted macros in Excel Open XML workbooks | N/A | Scan encrypted macros (default) | Scan encrypted macros (default) |
| User Configuration\Policies\Administration Templates\Microsoft Excel 2016\Excel Options\Security\Trust Center |
| Block macros from running in Office files from the Internet | N/A | Enabled | Enabled |
| Trust access to Visual Basic Project | Disabled | Disabled | Disabled |
| Turn off trusted documents | Enabled | Enabled | Enabled |
| Turn off Trusted Documents on the network | Enabled | Enabled | Enabled |
| VBA Macro Notification Settings | EnabledDisable all without notification | EnabledDisable all without notification | EnabledDisable all except digitally signed macros |
| User Configuration\Policies\Administration Templates\Microsoft Excel 2016\Excel Options\Security\Trust Center\Trusted Locations |
| Allow Trusted Locations on the network | Disabled | Enabled | Disabled |
| Disable all trusted locations | Enabled | Disabled | Enabled |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft Outlook 2016\Disable Items in User Interface\Custom |
| Disable commands | N/A | N/A | EnabledEnter a command bar ID to disable: 19092 |
| User Configuration\Policies\Administration Templates\Microsoft Outlook 2016\Security\Trust Center |
| Apply macro security settings to macros, add-ins and additional actions | Enabled | Enabled | Enabled |
| Security settings for macros | EnabledSecurity Level: Never warn, disable all | EnabledSecurity Level: Never warn, disable all | EnabledSecurity Level: Warn for signed, disable unsigned |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft PowerPoint 2016\Disable Items in User Interface\Custom |
| Disable commands | N/A | N/A | EnabledEnter a command bar ID to disable: 19092 |
| User Configuration\Policies\Administration Templates\Microsoft PowerPoint 2016\PowerPoint Options\Security |
| Scan encrypted macros in PowerPoint Open XML presentations | N/A | Scan encrypted macros (default) | Scan encrypted macros (default) |
| User Configuration\Policies\Administration Templates\Microsoft PowerPoint 2016\PowerPoint Options\Security\Trust Center |
| Block macros from running in Office files from the Internet | N/A | Enabled | Enabled |
| Trust access to Visual Basic Project | Disabled | Disabled | Disabled |
| Turn off trusted documents | Enabled | Enabled | Enabled |
| Turn off Trusted Documents on the network | Enabled | Enabled | Enabled |
| VBA Macro Notification Settings | EnabledDisable all without notification | EnabledDisable all without notification | EnabledDisable all except digitally signed macros |
| User Configuration\Policies\Administration Templates\Microsoft PowerPoint 2016\PowerPoint Options\Security\Trust Center\Trusted Locations |
| Allow Trusted Locations on the network | Disabled | Enabled | Disabled |
| Disable all trusted locations | Enabled | Disabled | Enabled |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft Project 2016\Project Options\Security\Trust Center |
| Allow Trusted Locations on the network | Disabled | Enabled | Disabled |
| Disable all trusted locations | Enabled | Disabled | Enabled |
| VBA Macro Notification Settings | EnabledDisable all without notification | EnabledDisable all without notification | EnabledDisable all except digitally signed macros |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft Publisher 2016\Disable Items in User Interface\Custom |
| Disable commands | N/A | N/A | EnabledEnter a command bar ID to disable: 19092 |
| User Configuration\Policies\Administration Templates\Microsoft Publisher 2016\Security |
| Publisher Automation Security Level | EnabledHigh (disabled) | EnabledHigh (disabled) | EnabledBy UI (prompted) |
| User Configuration\Policies\Administration Templates\Microsoft Publisher 2016\Security\Trust Center |
| VBA Macro Notification Settings | EnabledDisable all without notification | EnabledDisable all without notification | EnabledDisable all except digitally signed macros |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft Visio 2016\Disable Items in User Interface\Custom |
| Disable commands | N/A | N/A | EnabledEnter a command bar ID to disable: 19092 |
| User Configuration\Policies\Administration Templates\Microsoft Visio 2016\Visio Options\Security\Macro Security |
| Enable Microsoft Visual Basic for Applications project creation | Disabled | Disabled | Disabled |
| Load Microsoft Visual Basic for Applications projects from text | Disabled | Disabled | Disabled |
| User Configuration\Policies\Administration Templates\Microsoft Visio 2016\Visio Options\Security\Trust Center |
| Allow Trusted Locations on the network | Disabled | Enabled | Disabled |
| Block macros from running in Office files from the Internet | N/A | Enabled | Enabled |
| Disable all trusted locations | Enabled | Disabled | Enabled |
| Turn off trusted documents | Enabled | Enabled | Enabled |
| Turn off Trusted Documents on the network | Enabled | Enabled | Enabled |
| VBA Macro Notification Settings | EnabledDisable all without notification | EnabledDisable all without notification | EnabledDisable all except digitally signed macros |
| Group Policy Setting | All Macros Disabled | Only Macros from Trusted Locations | Only Macros Digitally Signed by Trusted Publishers |
| User Configuration\Policies\Administration Templates\Microsoft Word 2016\Disable Items in User Interface\Custom |
| Disable commands | N/A | N/A | EnabledEnter a command bar ID to disable: 19092 |
| User Configuration\Policies\Administration Templates\Microsoft Word 2016\Word Options\Security |
| Scan encrypted macros in Word Open XML documents | N/A | Scan encrypted macros (default) | Scan encrypted macros (default) |
| User Configuration\Policies\Administration Templates\Microsoft Word 2016\Word Options\Security\Trust Center |
| Block macros from running in Office files from the Internet | N/A | Enabled | Enabled |
| Trust access to Visual Basic Project | Disabled | Disabled | Disabled |
| Turn off trusted documents | Enabled | Enabled | Enabled |
| Turn off Trusted Documents on the network | Enabled | Enabled | Enabled |
| VBA Macro Notification Settings | EnabledDisable all without notification | EnabledDisable all without notification | EnabledDisable all except digitally signed macros |
| User Configuration\Policies\Administration Templates\Microsoft Word 2016\Word Options\Security\Trust Center\Trusted Locations |
| Allow Trusted Locations on the network | Disabled | Enabled | Disabled |
| Disable all trusted locations | Enabled | Disabled | Enabled |
