E8-RM-ML3.4 ASD Essential Eight

Untrusted Publisher Macros Cannot Be Enabled via Message Bar or Backstage View

Block untrusted Microsoft Office macros from being enabled using standard interface warnings.

Framework: ASD Essential Eight

Control effect: Preventative

E8 mitigation strategy: RM

Classifications: N/A

Official last update: N/A

Control Stack last updated: 19 Mar 2026

E8 maturity levels: ML3

Official control statement
Microsoft Office macros digitally signed by an untrusted publisher cannot be enabled via the Message Bar or Backstage View.

Source: ASD Essential Eight

Plain language

This control ensures that macros signed by an untrusted publisher cannot be turned on through the prompts users normally see in Microsoft Office: the Message Bar and the Backstage View. Macros are small programs embedded in Office documents; an untrusted macro might run harmful commands that steal data or damage systems. Without this control, your organisation risks letting harmful code run through seemingly harmless documents.

Why it matters

Allowing macros from untrusted publishers to be enabled can lead to malicious code execution via Office documents, causing compromise or data loss.

Operational notes

Use Office GPO/Intune to block enabling macros from untrusted publishers via Message Bar/Backstage View, and regularly test Office prompt behaviour after updates.

Implementation tips

  • IT team: Identify all computers that have Microsoft Office installations. Ensure the security settings prevent enabling untrusted macros from the Message Bar or Backstage View.
  • System administrator: Configure Microsoft Office Group Policy settings to block macros from untrusted publishers, so that users can't enable them without deliberate IT intervention.
  • Security officer: Review the list of approved trusted publishers regularly and ensure it's up to date, verifying that only necessary and known publishers are trusted.
  • IT support: Educate staff on the dangers of enabling macros from unknown sources, emphasising that they should report any suspicious documents rather than enabling their content.

Audit / evidence tips

  • Ask: How do you prevent users from enabling macros from untrusted publishers?

  • Good: The Group Policy should show that untrusted macros cannot be enabled, and a report should indicate when the policy was last validated.

  • Ask: What process is in place to maintain and review the list of trusted publishers?

  • Good: The organisation should present a recent review log, indicating the date and outcomes of their trusted publisher list assessment.

Cross-framework mappings

How E8-RM-ML3.4 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ASD ISM

Partially meets (1)

  • ISM-1674: E8-RM-ML3.4 focuses on preventing users from enabling untrusted-publisher signed macros via the Message Bar or Backstage View

Partially overlaps (1)

  • ISM-1891: E8-RM-ML3.4 requires blocking the enabling of macros when the macro is signed by an untrusted publisher via the Message Bar or Backstage ...

Supports (2)

  • ISM-1489: E8-RM-ML3.4 requires Office to prevent untrusted publisher macros being enabled through the Message Bar or Backstage View
  • ISM-1676: E8-RM-ML3.4 requires that macros signed by an untrusted publisher cannot be enabled via the Message Bar or Backstage View

Related (1)

  • ISM-1675: E8-RM-ML3.4 requires that Microsoft Office macros digitally signed by an untrusted publisher cannot be enabled via the Message Bar or Bac...