For more information, see Office Customization Tool (OCT) 2016 Help: Office security settings. For more information, see Tools available to manage policies.įor volume licensed versions of Office 2016, such as Office Professional Plus 2016, you can use the Office Customization Tool (OCT) to configure Trusted Locations. You can use Cloud Policy, the Microsoft Intune admin center, or the Group Policy Management Console to configure and deploy policy settings to users in your organization. There are several policies that you can use to manage Trusted Locations in your organization. That is, grant Read permission to those users who don't have to change the files in the Trusted Locations and grant Full Control permission to those users who have to edit files. ![]() If a folder is shared, configure sharing permissions so that only authorized users have access to the shared folder.īe sure to use the principle of least privilege and grant permissions that are appropriate to a user. You can use the Trusted Location #1 policy to designate Trusted Locations for your users.ĭetermine folder sharing and folder security settings for Trusted Location foldersĪll folders that you specify as Trusted Locations must be secured to prevent malicious users from adding or modifying files in a Trusted Location. One or more applications can use the same Trusted Location. Instead, create a subfolder within those folders and specify only that folder as a Trusted Location. For example, the C: drive or the My Documents folder. We don't recommend that users specify root folders as Trusted Locations. Network locations can also be set as a Trusted Location, but it's not recommended. For more information, see Add, remove, or change a trusted location.īy default, only Trusted Locations local to the user's device are allowed. Unless blocked by policy, users can create and modify Trusted Locations in the Trust Center for their Office app. Here are some considerations to keep in mind when determining which folders to use as Trusted Locations: Determine the folders to designate as Trusted Locations ![]() ![]() Policies are also available for Project, but Project doesn't have Trusted Locations settings in the Trust Center. It’s important to choose the scenarios that are best for your organization and its security risk tolerance. Use policy to centrally manage Trusted Locations.Use policy to prevent users from creating Trusted Locations.Allow end users to create Trusted Locations on their device or network themselves.There are different levels of trust you can allow in your organization for Trusted Locations: Files that are opened from Trusted Locations skip file validation checks, File Block checks, and don't open in Protected View or Application Guard. This includes add-ins, ActiveX controls, hyperlinks, links to data sources and media, and VBA macros. Trusted Locations affect all content in a file. ![]() Then, if needed, control Trusted Locations centrally through policy and don't allow users to set Trusted Locations themselves. In the security baseline for Microsoft 365 Apps for enterprise, the guidance is to disable network-based Trusted Locations. Therefore, Trusted Locations should be used rarely, for unique situations and only for select users. The following diagram shows the trust workflow for opening Office files.Īs shown in Step 2, files in Trusted Locations bypass all other security and policy checks. It’s important to trust the original source of the file when you save it to a Trusted Location, since all active content will be enabled, and users won’t be notified about any potential security risks. This means files saved in Trusted Locations aren't opened in Protected View or Application Guard.Īctive content can include unsigned add-ins, VBA macros, connections to external data and more. These files bypass threat protection services, bypass file block settings, and all active content is enabled. Trusted Locations is a feature of Office where files contained in these folders are assumed safe, such as files you create yourself or saved from a trustworthy source. Applies to: Microsoft 365 Apps, Office LTSC 2021, Office 2019, and Office 2016
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |