Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Office 365 ProPlus Security Technical Implementation Guide
SRG-APP-000207
SRG-APP-000207
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000207
1 Rule
<GroupDescription></GroupDescription>
WEBSERVICE Function Notification in Excel must be configured to disable all, with notifications.
Medium Severity
<VulnDiscussion>This policy setting controls how Excel will warn users when WEBSERVICE functions are present. If you enable this policy setting, you can choose from three options for determining how the specified applications will warn the user about WEBSERVICE functions: - Disable all with notification: The application displays the Trust Bar for all WEBSERVICE functions. This option enforces the default configuration in Office. - Disable all without notification: The application disables all WEBSERVICE functions and does not notify users. - Enable all WEBSERVICE functions (not recommended): The application enables all WEBSERVICE functions and does not notify users. This option can significantly reduce security by allowing information disclosure to third-party web services. If you disable this policy setting, the “Disable all with notification” will be the default setting. If you do not configure this policy setting, when users open workbooks that contain WEBSERVICE functions, Excel will open the files with the WEBSERVICE functions disabled and display the Trust Bar with a warning that WEBSERVICE functions are present and have been disabled. Users can inspect and edit the files if appropriate, but cannot use any disabled functionality until they enable it by clicking "Enable Content" on the Trust Bar. If the user clicks "Enable Content," then the document is added as a trusted document.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>