Policy
Control how Office handles form-based sign-in prompts
Microsoft Office 5532.1000
Policy overview
Key metadata and intent for this policy.
This policy setting controls how Office applications handle form-based sign-in prompts. If you enable this policy setting, you must choose one of the following options: Block all prompts Ask the user what to do for each new host Show prompts only from allowed hosts If you select “Block all prompts” then no form-based sign-in prompts are shown to the user and the user is shown a message that the sign-in method isn’t allowed. If you select “Ask the user what do for each new host” then the user is asked for each new host whether the user wants to sign-in to the host. If the user has previously signed-in to a host, a form-based sign-in prompt is shown for that host. Also, form-based sign-in prompts are shown for any hosts specified by the “Specify hosts allowed to show form-based sign-in prompts to users” setting. If you select “Show prompts only from allowed hosts” then form-based sign-in prompts are shown only from hosts that have been specified by the additional “Specify hosts allowed to show form-based sign-in prompts to users” setting. Form-based sign-in prompts from all other hosts are blocked and the user is shown a message that the sign-in method isn’t allowed. Note: If you don’t configure the “Specify hosts allowed to show form-based sign-in prompts to users” setting or don’t specify any hosts in that setting, then the behavior of the “Show prompts only from allowed hosts” option will be the same as if you selected the “Block all prompts” option. If you disable or don’t configure this policy setting, all form-based sign-in prompts are blocked and the user is shown a message that the sign-in method isn’t allowed. But users are able to change the behavior for form-based sign-in prompts by going to File > Options > Trust Center > Trust Center Settings > Form-based sign-in. Note: This policy setting only applies to subscription versions of Office, such as Microsoft 365 Apps for enterprise, and to subscription versions of Project and Visio.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Specify hosts allowed to show form-based sign-in prompts to users: ID L_AuthenticationFBAEnabledHostsID | text | HKCU\software\policies\microsoft\office\16.0\common\fbaenabledhosts Type REG_SZ | None |
Behavior: ID L_authenticationFBABehaviorEnum | enum | HKCU\software\policies\microsoft\office\16.0\common\fbabehavior Type REG_DWORD | Options: Block all prompts (1), Ask the user what to do for each new host (2), Show prompts only from allowed hosts (3) |
Other policies in this category
Explore related policies at the same level.
- UserActiveX Control InitializationWindows7
- UserAllow Basic Authentication prompts from network proxiesWindows7
- UserAllow file extensions for OLE embeddingWindows7
- UserAllow root or intermediate certificates as VBA trusted publishersWindows 10
- UserAllow specified hosts to show Basic Authentication prompts to Office appsWindows7
- UserAllow VBA to load typelib references by path from untrusted intranet locationsWindows 10
- UserAutomation SecurityWindows7
- UserBlock additional file extensions for OLE embeddingWindows7
- UserBlock all internet macros (ignore trusted locations or publishers)Windows 10
- UserBlock Insecure ProtocolsWindows7
- UserBlock loading of COM/VSTO add-ins registered in HKCUWindows 10
- UserBlock OLE GraphWindows7