Require trusted publisher signatures for macros that are always loaded

Supported OS tags: Windows10

This policy setting controls signature requirements for macros that are automatically loaded when Office applications start. Macros that are always loaded include VBA add-ins and templates that load automatically: Excel add-ins (xla/xlam), PowerPoint add-ins (ppa/ppam), Access add-ins (accda/mda), and Word templates (dot/dotm). If you enable this policy setting: - Unsigned macros that are always loaded are silently disabled and don't load. - Signed but untrusted macros that are always loaded display a red Message Bar with no option for users to enable them for the current session. - Macros signed by a trusted publisher are allowed to always load. If you disable or don't configure this policy setting, macros that are always on can load without requiring trusted publisher signatures.

This policy has no additional user input fields.

• User
  ActiveX Control Initialization

  Windows7
• User
  Allow Basic Authentication prompts from network proxies

  Windows7
• User
  Allow file extensions for OLE embedding

  Windows7
• User
  Allow root or intermediate certificates as VBA trusted publishers

  Windows 10
• User
  Allow specified hosts to show Basic Authentication prompts to Office apps

  Windows7
• User
  Allow VBA to load typelib references by path from untrusted intranet locations

  Windows 10
• User
  Automation Security

  Windows7
• User
  Block additional file extensions for OLE embedding

  Windows7
• User
  Block all internet macros (ignore trusted locations or publishers)

  Windows 10
• User
  Block Insecure Protocols

  Windows7
• User
  Block loading of COM/VSTO add-ins registered in HKCU

  Windows 10
• User
  Block OLE Graph

  Windows7