Microsoft will change how Office handles Trusted Documents to improve security

Laptop with Office 365
Laptop with Office 365 (Image credit: Windows Central)

What you need to know

  • Microsoft will change how Office 365 handles Trusted Documents.
  • Trusted Documents can contain active content that can run regardless of IT admin policies.
  • Following an upcoming change, IT admin policies will always take precedence over Trusted Documents.

Microsoft is working to secure how Office handles Trusted Documents. These types of documents contain controls that can run without user interaction, including ActiveX controls, Dynamic data Exchange functions, and macros. These files are often used for innocent purposes but can be used as part of attacks by threat actors.

At the moment, Trusted Documents can override Protected View safeguards, but that won't be the case in the future.

"We are changing the behavior of Office applications to enforce policies that block Active Content (ex. macros, ActiveX, DDE) on Trusted Documents," reads the Microsoft 365 roadmap. "Previously, Active Content was allowed to run in Trusted Documents even when an IT administrator had set a policy to block it. As part of ongoing Office security hardening, the IT administrator's choice to block Active Content will now always take precedence over end-user set trusted documents."

Latest Videos From

Security risks stem from the fact that Trusted Documents can bypass policies set by IT administrators. Following the outlined change, Trusted Documents will follow set IT admin policies. This is a logical change as it moves decisions related to security to IT admins rather than end-users.

Attacks utilizing documents to fool people are nothing new. A recently discovered malware campaign used a Word document that tried to trick people into activating malicious code. The attack utilized a document that falsely claimed to be made with "Windows 11 Alpha." People could be fooled into thinking that they had to follow prompts from the document to make it work on their PC.

The roadmap states that the feature is in development and that it could arrive in October 2021, but dates on the Microsoft 365 roadmap are always subject to change.

Sean Endicott
News Writer

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.

He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.

Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.