This article is contributed. See the original author and article here.
We’ve reviewed the new settings released for Office since the last security baseline (v2104) and determined there are no additional security settings that require enforcement. Please continue to use the Security baseline for Microsoft 365 Apps for enterprise v2104 -FINAL which can be downloaded from the Microsoft Security Compliance Toolkit.
New Office policies are contained in the Administrative Template files (ADMX/ADML) version 5179 published on 6/7/2021 which introduced 7 new user settings. We have attached a spreadsheet listing the new settings to make it easier for you to find them.
Only trust VBA macros that use V3 signatures (Worth considering)
Microsoft discovered a vulnerability in Office Visual Basic for Applications (VBA) macro project signing which might enable a malicious user to tamper with a signed VBA project without invalidating its digital signature. This blog post explains how VBA macros signed with legacy signatures do not offer strong enough protection against a malicious actor looking to compromise the files integrity.
Admins should consider upgrading the existing VBA signatures to the V3 signature as soon as possible after they upgrade Office to the supported product versions, see instructions in the links below. Once this is complete you can disable the old VBA signatures by enabling the ”Only trust VBA macros that use V3 signatures” policy setting.
- Instructions on how to upgrade Office VBA macro signatures:
- Upgrade signed Office VBA macro projects to V3 signature – Microsoft 365 Developer Blog
- Upgrade signed Office VBA macro projects to V3 signature (KB5000676) (microsoft.com)
If you have questions or issues, please let us know via the Security Baseline Community or this post.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.