Blog Post

Microsoft Security Baselines Blog
2 MIN READ

Security baseline for Microsoft 365 Apps for enterprise v2106 - FINAL

Rick_Munck's avatar
Rick_Munck
Icon for Microsoft rankMicrosoft
Jun 29, 2021

We've reviewed the new settings released for Office since the last security baseline (v2104) and determined there are no additional security settings that require enforcement. Please continue to use the Security baseline for Microsoft 365 Apps for enterprise v2104 -FINAL which can be downloaded from the Microsoft Security Compliance Toolkit

 

New Office policies are contained in the Administrative Template files (ADMX/ADML) version 5179 published on 6/7/2021 which introduced 7 new user settings. We have attached a spreadsheet listing the new settings to make it easier for you to find them. 

 

Only trust VBA macros that use V3 signatures (Worth considering) 

Microsoft discovered a vulnerability in Office Visual Basic for Applications (VBA) macro project signing which might enable a malicious user to tamper with a signed VBA project without invalidating its digital signature. This blog post explains how VBA macros signed with legacy signatures do not offer strong enough protection against a malicious actor looking to compromise the files integrity. 

  

Admins should consider upgrading the existing VBA signatures to the V3 signature as soon as possible after they upgrade Office to the supported product versions, see instructions in the links below. Once this is complete you can disable the old VBA signatures by enabling the "Only trust VBA macros that use V3 signatures" policy setting. 

  

  

If you have questions or issues, please let us know via the Security Baseline Community or this post. 

Updated Jun 29, 2021
Version 1.0
No CommentsBe the first to comment