Policy
Security setting for macros
Microsoft Office 5532.1000
Policy overview
Key metadata and intent for this policy.
This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from four options for handling macros in Outlook: - Always warn. This option corresponds to the "Notifications for all macros" option in the "Macro Settings" section of the Outlook Trust Center. Outlook disables all macros that are not opened from a trusted location, even if the macros are signed by a trusted publisher. For each disabled macro, Outlook displays a security alert dialog box with information about the macro and its digital signature (if present), and allows users to enable the macro or leave it disabled. - Never warn, disable all. This option corresponds to the "Disable all macros without notification" option in the Trust Center. Outlook disables all macros that are not opened from trusted locations, and does not notify users. - Warning for signed, disable unsigned. This option corresponds to the "Notifications for digitally signed macros, all other macros disabled" option in the Trust Center. Outlook handles macros as follows: --If a macro is digitally signed by a trusted publisher, the macro can run if the user has already trusted the publisher. --If a macro has a valid signature from a publisher that the user has not trusted, the security alert dialog box for the macro lets the user choose whether to enable the macro for the current session, disable the macro for the current session, or to add the publisher to the Trusted Publishers list so that it will run without prompting the user in the future. --If a macro does not have a valid signature, Outlook disables it without prompting the user, unless it is opened from a trusted location. This option is the default configuration in Outlook. - No security check. This option corresponds to the "Enable all macros (not recommended; potentially dangerous code can run)" option in the Trust Center. Outlook runs all macros without prompting users. This configuration makes users' computers vulnerable to potentially malicious code and is not recommended. If you disable or do not configure this policy setting, the behavior is the equivalent of Enabled -- Warning for signed, disable unsigned.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Security Level ID L_SecurityLevel | enum | HKCU\software\policies\microsoft\office\16.0\outlook\security\level Type REG_DWORD | Options: Always warn (2), Never warn, disable all (4), Warn for signed, disable unsigned (3), No security check (1) |
Other policies in this category
Explore related policies at the same level.
- UserAllow hyperlinks in suspected phishing e-mail messagesWindows7
- UserApply macro security settings to macros, add-ins and additional actionsWindows7
- UserBlock processing of S/MIME encrypted messages by certain connected experiencesWindows7
- UserBlock send when web add-ins can't loadWindows7
- UserShow Outlook Loop components for supported apps.Windows7
- UserSpecify activation disabling threshold for web extensionsWindows7
- UserSpecify activation manager retry limit for web extensionsWindows7
- UserSpecify alert interval for web extensionsWindows7
- UserSpecify Outlook memory alert threshold for web extensionsWindows7
- UserSpecify the number of restarts attempted for a running web extensionWindows7