Untrusted Publisher Macros Cannot Be Enabled via Message Bar or Backstage View
Block untrusted Microsoft Office macros from being enabled using standard interface warnings.
Plain language
This control makes sure that untrusted macros in Microsoft Office can't be turned on through the usual prompts users see in the software. Macros are small programs embedded in Office documents; if untrusted, they might run harmful commands that could steal data or damage systems. Without this control, your organisation is at risk of letting harmful code run freely through seemingly harmless documents.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
RM
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Official control statement
Microsoft Office macros digitally signed by an untrusted publisher cannot be enabled via the Message Bar or Backstage View.
Why it matters
Allowing macros from untrusted publishers to be enabled can lead to malicious code execution via Office documents, causing compromise or data loss.
Operational notes
Use Office GPO/Intune to block enabling macros from untrusted publishers via Message Bar/Backstage View, and regularly test Office prompt behaviour after updates.
Implementation tips
- IT team: Identify all computers that have Microsoft Office installations. Ensure the security settings prevent enabling untrusted macros from the Message Bar or Backstage View.
- System administrator: Configure Microsoft Office Group Policy settings to block macros from untrusted publishers, so that users can't enable them without deliberate IT intervention.
- Security officer: Review the list of approved trusted publishers regularly and ensure it's up to date, verifying that only necessary and known publishers are trusted.
- IT support: Educate staff on the dangers of enabling macros from unknown sources, emphasising that they should report any suspicious documents rather than enabling their content.
Audit / evidence tips
- Ask: How do you prevent users from enabling macros from untrusted publishers?
- Good: The Group Policy should show that untrusted macros cannot be enabled, and a report should indicate when the policy was last validated.
- Ask: What process is in place to maintain and review the list of trusted publishers?
- Good: The organisation should present a recent review log, indicating the date and outcomes of their trusted publisher list assessment.
Cross-framework mappings
How E8-RM-ML3.4 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| ISM-1674 | E8-RM-ML3.4 focuses on preventing users from enabling untrusted-publisher signed macros via the Message Bar or Backstage View | |
| Partially overlaps (1) | | |
| ISM-1891 | E8-RM-ML3.4 requires blocking the enabling of macros when the macro is signed by an untrusted publisher via the Message Bar or Backstage ... | |
| Supports (2) | | |
| ISM-1489 | E8-RM-ML3.4 requires Office to prevent untrusted publisher macros being enabled through the Message Bar or Backstage View | |
| ISM-1676 | E8-RM-ML3.4 requires that macros signed by an untrusted publisher cannot be enabled via the Message Bar or Backstage View | |
| Related (1) | | |
| ISM-1675 | E8-RM-ML3.4 requires that Microsoft Office macros digitally signed by an untrusted publisher cannot be enabled via the Message Bar or Bac... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.