Microsoft will change how Office handles Trusted Documents to improve security

Laptop with Office 365 (Image credit: Windows Central)

What you need to know

  • Microsoft will change how Office 365 handles Trusted Documents.
  • Trusted Documents can contain active content that can run regardless of IT admin policies.
  • Following an upcoming change, IT admin policies will always take precedence over Trusted Documents.

Microsoft is working to secure how Office handles Trusted Documents. These types of documents contain controls that can run without user interaction, including ActiveX controls, Dynamic Data Exchange functions, and macros. These files are often used for innocent purposes but can be used as part of attacks by threat actors.

At the moment, Trusted Documents can override Protected View safeguards, but that won't be the case in the future.

"We are changing the behavior of Office applications to enforce policies that block Active Content (ex. macros, ActiveX, DDE) on Trusted Documents," reads the Microsoft 365 roadmap. "Previously, Active Content was allowed to run in Trusted Documents even when an IT administrator had set a policy to block it. As part of ongoing Office security hardening, the IT administrator's choice to block Active Content will now always take precedence over end-user set trusted documents."

Security risks stem from the fact that Trusted Documents can bypass policies set by IT administrators. Following the outlined change, Trusted Documents will follow set IT admin policies. This is a logical change as it moves decisions related to security to IT admins rather than end-users.

Attacks utilizing documents to fool people are nothing new. A recently discovered malware campaign used a Word document that tried to trick people into activating malicious code. The attack utilized a document that falsely claimed to be made with "Windows 11 Alpha." People could be fooled into thinking that they had to follow prompts from the document to make it work on their PC.

The roadmap states that the feature is in development and that it could arrive in October 2021, but dates on the Microsoft 365 roadmap are always subject to change.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.

1 Comment
  • Microsoft may need to look into completely replacing some of these features that permit malicious manipulation.