Microsoft Office 365 ProPlus Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Publisher must be configured to prompt the user when another application programmatically opens a macro.
This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy ...Rule Medium Severity -
Publisher must disable all unsigned VBA macros.
This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present. If this policy setting is enabled, users can choose from four op...Rule Medium Severity -
Visio must automatically disable unsigned add-ins without informing users.
This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy ...Rule Medium Severity -
Visio 2003-2010 Binary Drawings, Templates and Stencils must be blocked.
This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title of this policy setting. If you enable this policy setting, you can spe...Rule Medium Severity -
Visio 5.0 or earlier Binary Drawings, Templates and Stencils must be blocked.
This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title of this policy setting. If you enable this policy setting, you can spe...Rule Medium Severity -
Macros must be blocked from running in Visio files from the Internet.
This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if “Enable all mac...Rule Medium Severity -
In Word, encrypted macros must be scanned.
This policy setting controls whether encrypted macros in Open XML documents be are required to be scanned with anti-virus software before being opened. If you enable this policy setting, you may c...Rule Medium Severity -
Files located in unsafe locations must be opened in Protected view in Word.
This policy setting lets you determine if files located in unsafe locations will open in Protected View. If you have not specified unsafe locations, only the "Downloaded Program Files" and "Tempora...Rule Medium Severity -
If file validation fails, files must be opened in Protected view in Word with ability to edit disabled.
This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting, you can configure the following options for files that fail file valid...Rule Medium Severity -
Open/Save of Word 2000 binary documents and templates must be blocked.
This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting, ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.