Policy to Excel Macros blocking


Go to solution Solved by Marcos,

Dear Bro,

I would like to block macros to prevent users from adding or executing them in Office. I did this in the policy and enabled Document Protection, but it did not work. I also enabled HIPS settings with the rules below, but they had no effect. Does anyone have an idea how to do it?


  • Administrators
  • Solution

You can block Office macros without using Defender’s Attack Surface Reduction (ASR) rules by configuring Group Policy settings or using Microsoft Intune. Here are some methods:

Group Policy

  1. Open Group Policy Management: On your domain controller, open the Group Policy Management Console (GPMC).
  2. Create or Edit a GPO: Create a new Group Policy Object (GPO) or edit an existing one.
  3. Navigate to Office Settings:
    • For Office 2016 or later: User Configuration > Administrative Templates > Microsoft Office 2016 > Security Settings
  4. Configure Macro Settings:
    • Disable all macros without notification: This setting will block all macros and prevent users from being notified.
    • Block macros from running in Office files from the internet: This setting blocks macros in files that come from the internet, which is a common source of malicious macros.

Microsoft Intune

  1. Create a Configuration Profile:
    • Go to Devices > Configuration profiles > Create profile.
    • Select Windows 10 and later as the platform and Administrative Templates as the profile type.
  2. Configure Office Macro Settings:
    • Navigate to the settings for each Office application (e.g., Excel, Word).
    • Set Disable all macros without notification and Block macros from running in Office files from the internet.

Additional Measures

  • Trusted Locations: Only allow macros to run from trusted locations. This can be configured in the Trust Center settings of each Office application.
  • Digital Signatures: Require macros to be signed by a trusted publisher. This ensures that only macros from verified sources can run.

By implementing these settings, you can effectively block macros and enhance the security of your Office applications without relying on Defender ASR rules.

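One way to confirm on an endpoint that the Group Policy or Intune settings named in the answer above actually applied, as an added example that is not part of the original thread or any vendor's code. It assumes Office 2016 or later (policy hive `16.0`) and the standard Office administrative-template registry values `VBAWarnings` and `blockcontentexecutionfrominternet`; the application list and the helper name `Get-PolicyValue` are illustrative.

```powershell
# Added example: audit the effective Office macro policy for the current user.
# Assumptions: Office 2016+ (policy hive 16.0); value names are the ones the
# Office ADMX templates write; the app list below is illustrative.
$apps = 'Excel', 'Word', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Meaning of the VBAWarnings policy value.
$vbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not applied).
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($app in $apps) {
    $key   = Join-Path $base "$app\Security"
    $vba   = Get-PolicyValue -Path $key -Name 'VBAWarnings'
    $block = Get-PolicyValue -Path $key -Name 'blockcontentexecutionfrominternet'

    if ($null -eq $vba) { $setting = 'Not configured' }
    elseif ($vbaMeaning.ContainsKey([int]$vba)) { $setting = $vbaMeaning[[int]$vba] }
    else { $setting = "Unknown ($vba)" }

    [pscustomobject]@{
        Application      = $app
        MacroSetting     = $setting
        AllMacrosBlocked = ($vba -eq 4)
        InternetBlocked  = ($block -eq 1)
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code so the script can feed a compliance check.
if ($report | Where-Object { -not ($_.AllMacrosBlocked -and $_.InternetBlocked) }) {
    Write-Warning 'Macro blocking policy is missing or weaker than intended for at least one application.'
    exit 1
}
```

Run it in the affected user's session, since these are User Configuration settings; a "Not configured" row means the GPO or Intune profile did not reach that user.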
