Policy
Encryption type for password protected Office Open XML files
Microsoft Office 5532.1000
Policy overview
Key metadata and intent for this policy.
This policy setting allows you to specify an encryption type for Office Open XML files. If you enable this policy setting, you can specify the type of encryption that Office applications use to encrypt password-protected files in the Office Open XML file formats used by Excel, PowerPoint, and Word. The chosen encryption type must have a corresponding cryptographic service provider (CSP) installed on the computer that encrypts the file. See the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\ registry key for a list of CSPs installed on the local computer. Specify the encryption type to use by entering it in the provided text box in the following form: <Encryption Provider>,<Encryption Algorithm>,<Encryption Key Length> For example: Microsoft Enhanced Cryptographic Provider v1.0,RC4,128 If you disable or do not configure this policy setting, the default CSP is used. The default cryptographic service provider (CSP) is Microsoft Enhanced RSA and AES Cryptographic Provider, AES-128, 128-bit. Note: This policy setting does not take effect unless the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\<office application name>\Security\Crypto\CompatMode is set to 0. By default the CompatMode registry key is set to 1.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Encryption type: ID L_Encryptiontypecolon | text | HKCU\software\policies\microsoft\office\16.0\common\security\openxmlencryption Type REG_SZ | None |
Other policies in this category
Explore related policies at the same level.
- UserActiveX Control InitializationWindows7
- UserAllow Basic Authentication prompts from network proxiesWindows7
- UserAllow file extensions for OLE embeddingWindows7
- UserAllow root or intermediate certificates as VBA trusted publishersWindows 10
- UserAllow specified hosts to show Basic Authentication prompts to Office appsWindows7
- UserAllow VBA to load typelib references by path from untrusted intranet locationsWindows 10
- UserAutomation SecurityWindows7
- UserBlock additional file extensions for OLE embeddingWindows7
- UserBlock all internet macros (ignore trusted locations or publishers)Windows 10
- UserBlock Insecure ProtocolsWindows7
- UserBlock loading of COM/VSTO add-ins registered in HKCUWindows 10
- UserBlock OLE GraphWindows7