DoD Office 2019-M365 Apps STIG User v3r3

Data collected on: 4/3/2025 10:44:42 AM

| Property | Value |
|---|---|
| Domain | security.local |
| Owner | SECURITY\Domain Admins |
| Created | 4/2/2025 10:40:32 AM |
| Modified | 4/2/2025 10:41:02 AM |
| User Revisions | 1 (AD), 1 (SYSVOL) |
| Computer Revisions | 1 (AD), 1 (SYSVOL) |
| Unique ID | {FEDDC153-7BCE-4AD2-9DAE-8AEA5DECCC8D} |
| GPO Status | Computer settings disabled |

| Location | Enforced | Link Status | Path |
|---|---|---|---|
| None | | | |

| Name |
|---|
| NT AUTHORITY\Authenticated Users |

| Name | Allowed Permissions | Inherited |
|---|---|---|
| NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
| NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
| SECURITY\Domain Admins | Edit settings, delete, modify security | No |
| SECURITY\Enterprise Admins | Edit settings, delete, modify security | No |

| Policy | Setting | Comment |
|---|---|---|
| Block macros from running in Office files from the internet | Enabled | |
| Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |
| VBA Macro Notification Settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Do not show data extraction options when opening corrupt workbooks | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Ask to update automatic links | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Load pictures from Web pages not created in Excel | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Disable AutoRepublish | Enabled | |
| Do not show AutoRepublish warning alert | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Force file extension to match file type | Enabled | |
| Scan encrypted macros in Excel Open XML workbooks | Enabled | |
| Turn off file validation | Disabled | |
| WEBSERVICE Function Notification Settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Block macros from running in Office files from the internet | Enabled | |
| Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |
| Macro Notification Settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Always prevent untrusted Microsoft Query files from opening | Enabled | |
| Don’t allow Dynamic Data Exchange (DDE) server launch in Excel | Enabled | |
| Don’t allow Dynamic Data Exchange (DDE) server lookup in Excel | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| dBase III / IV files | Enabled | |
| Dif and Sylk files | Enabled | |
| Excel 2 macrosheets and add-in files | Enabled | |
| Excel 2 worksheets | Enabled | |
| Excel 3 macrosheets and add-in files | Enabled | |
| Excel 3 worksheets | Enabled | |
| Excel 4 macrosheets and add-in files | Enabled | |
| Excel 4 workbooks | Enabled | |
| Excel 4 worksheets | Enabled | |
| Excel 95 workbooks | Enabled | |
| Excel 95-97 workbooks and templates | Enabled | |
| Set default file block behavior | Enabled | |
| Web pages and Excel 2003 XML spreadsheets | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Always open untrusted database files in Protected View | Enabled | |
| Do not open files from the internet zone in Protected View | Disabled | |
| Do not open files in unsafe locations in Protected View | Disabled | |
| Set document behavior if file validation fails | Enabled | |
| Turn off Protected View for attachments opened from Outlook | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow Trusted Locations on the network | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Disable UI extending from documents and templates | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| ActiveX Control Initialization | Enabled | |
| Automation Security | Enabled | |
| Disable all Trust Bar notifications for security issues | Disabled | |
| Encryption type for password protected Office 97-2003 files | Enabled | |
| Encryption type for password protected Office Open XML files | Enabled | |
| Load Controls in Forms3 | Enabled | |
| Macro Runtime Scan Scope | Enabled | |
| Protect document metadata for rights managed Office Open XML Files | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow mix of policy and user locations | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Disable the Office client from polling the SharePoint Server for published links | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Disable Smart Document's use of manifests | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Authentication with Exchange Server | Enabled | |
| Enable RPC encryption | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Do not allow Outlook object model scripts to run for public folders | Enabled | |
| Do not allow Outlook object model scripts to run for shared folders | Enabled | |
| Use Unicode format when dragging e-mail message to file system | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow Active X One Off Forms | Enabled | |
| Prevent users from customizing attachment security settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Include Internet in Safe Zones for Automatic Picture Download | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Do not display 'Publish to GAL' button | Enabled | |
| Minimum encryption settings | Enabled | |
| Signature Warning | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Retrieving CRLs (Certificate Revocation Lists) | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Outlook Security Mode | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow users to demote attachments to Level 2 | Disabled | |
| Display Level 1 attachments | Disabled | |
| Remove file extensions blocked as Level 1 | Disabled | |
| Remove file extensions blocked as Level 2 | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow scripts in one-off Outlook forms | Disabled | |
| Set Outlook object model custom actions execution prompt | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Configure Outlook object model prompt when accessing an address book | Enabled | |
| Configure Outlook object model prompt When accessing the Formula property of a UserProperty object | Enabled | |
| Configure Outlook object model prompt when executing Save As | Enabled | |
| Configure Outlook object model prompt when reading address information | Enabled | |
| Configure Outlook object model prompt when responding to meeting and task requests | Enabled | |
| Configure Outlook object model prompt when sending mail | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow hyperlinks in suspected phishing e-mail messages | Disabled | |
| Security setting for macros | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Run Programs | Enabled | |
| Scan encrypted macros in PowerPoint Open XML presentations | Enabled | |
| Turn off file validation | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Block macros from running in Office files from the internet | Enabled | |
| Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |
| VBA Macro Notification Settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| PowerPoint 97-2003 presentations, shows, templates and add-in files | Enabled | |
| Set default file block behavior | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Do not open files from the internet zone in Protected View | Disabled | |
| Do not open files in unsafe locations in Protected View | Disabled | |
| Set document behavior if file validation fails | Enabled | |
| Turn off Protected View for attachments opened from Outlook | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow Trusted Locations on the network | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow Trusted Locations on the network | Disabled | |
| Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |
| VBA Macro Notification Settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Publisher Automation Security Level | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |
| VBA Macro Notification Settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow Trusted Locations on the network | Disabled | |
| Block macros from running in Office files from the internet | Enabled | |
| Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |
| VBA Macro Notification Settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Visio 2000-2002 Binary Drawings, Templates and Stencils | Enabled | |
| Visio 2003-2010 Binary Drawings, Templates and Stencils | Enabled | |
| Visio 5.0 or earlier Binary Drawings, Templates and Stencils | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Turn off file validation | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Block macros from running in Office files from the internet | Enabled | |
| Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |
| Scan encrypted macros in Word Open XML documents | Enabled | |
| VBA Macro Notification Settings | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Set default file block behavior | Enabled | |
| Word 2 and earlier binary documents and templates | Enabled | |
| Word 2000 binary documents and templates | Enabled | |
| Word 2003 binary documents and templates | Enabled | |
| Word 2007 and later binary documents and templates | Enabled | |
| Word 6.0 binary documents and templates | Enabled | |
| Word 95 binary documents and templates | Enabled | |
| Word 97 binary documents and templates | Enabled | |
| Word XP binary documents and templates | Enabled | |

| Policy | Setting | Comment |
|---|---|---|
| Do not open files from the internet zone in Protected View | Disabled | |
| Do not open files in unsafe locations in Protected View | Disabled | |
| Set document behavior if file validation fails | Enabled | |
| Turn off Protected View for attachments opened from Outlook | Disabled | |

| Policy | Setting | Comment |
|---|---|---|
| Allow Trusted Locations on the network | Disabled | |