Policy
Enable macro trust levels
Microsoft Office 5532.1000
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10
This policy setting controls whether macro trust levels are enabled, which classifies VBA macros into four security levels based on file location and digital signature status. If you enable this policy setting, VBA macros will be classified into the following trust levels with corresponding user experiences: - Lowest (Most Trusted): Files signed by a trusted publisher, saved to a trusted location, or unsaved files. - User Experience: No Message Bar displayed, macros load normally. - Lower: Files opened from a connected personal or business OneDrive account, connected SharePoint location, or local OneDrive folders. - User Experience: Yellow Message Bar with Enable Content option. - Moderate: Files opened from intranet locations, or signed with an extended validation (EV) certificate but not by a trusted publisher. - User Experience: Yellow Message Bar with a Learn More option. This encourages security awareness by requiring additional steps before enabling macros. - Highest (Least Trusted): All other files. - User Experience: Red Message Bar with macros blocked. When enabled, unsaved files containing macros will display a warning dialog when users attempt to save the file to local disk, informing them that saving locally may block macro execution when the file is reopened. If you disable or don't configure this policy setting, macro trust levels are not enabled and the standard macro security behavior applies.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKCU\software\policies\microsoft\office\16.0\common\security\enablemacrotrustlevel | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- UserActiveX Control InitializationWindows7
- UserAllow Basic Authentication prompts from network proxiesWindows7
- UserAllow file extensions for OLE embeddingWindows7
- UserAllow root or intermediate certificates as VBA trusted publishersWindows 10
- UserAllow specified hosts to show Basic Authentication prompts to Office appsWindows7
- UserAllow VBA to load typelib references by path from untrusted intranet locationsWindows 10
- UserAutomation SecurityWindows7
- UserBlock additional file extensions for OLE embeddingWindows7
- UserBlock all internet macros (ignore trusted locations or publishers)Windows 10
- UserBlock Insecure ProtocolsWindows7
- UserBlock loading of COM/VSTO add-ins registered in HKCUWindows 10
- UserBlock OLE GraphWindows7