Policy
Configure legacy hashing algorithm
Microsoft Office
Policy overview
Key metadata and intent for this policy.
This policy setting allows you to configure whether Office displays a digital signature as legacy when it contains specific hash algorithms. If you enable this policy setting, you can specify the weakest hash algorithm that Office treats as legacy. You can specify any of the following algorithms: - MD5 - SHA1 - SHA256 - SHA384 If you don’t configure this policy setting, Office treats digital signatures containing SHA1 or better as valid. For example, if you set SHA256 as the legacy hashing algorithm, Office treats SHA384 signatures as valid.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| User | L_SelectDigitalSignatureHashingAlgorithmDropID ID L_SelectDigitalSignatureHashingAlgorithmDropID | enum | Path software\policies\microsoft\office\16.0\common\signatures Value name legacyhashalg Type REG_SZ | Options: MD5 (md5), SHA1 (sha1), SHA256 (sha256), SHA384 (sha384) |