ISM-1489 policy ASD Information Security Manual (ISM)

Prevent Users from Changing Office Macro Security Settings

Users cannot alter the security settings for Microsoft Office macros, ensuring consistent protection.


Plain language

This control makes sure that users in your organisation can't change the security settings related to Microsoft Office macros. It's important because if someone accidentally changes these settings, malicious code hidden in Office documents could run unchecked, potentially causing data breaches or other security incidents.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Aug 2018

Control Stack last updated

19 Mar 2026

E8 maturity levels

ML1, ML2, ML3

Official control statement

Microsoft Office macro security settings cannot be changed by users.

Why it matters

If users change Office macro settings, malicious macros may run, causing data breaches or ransomware.


Operational notes

Regularly confirm GPO enforces Office macro security settings, and monitor/resolve any user attempts to bypass the lock-down.


Implementation tips

  • The IT team should configure group policies in your computer network that lock down macro settings in Microsoft Office applications. This involves using tools like Windows Group Policy Editor to ensure that users cannot alter these settings.
  • The system administrator should regularly review the Group Policy settings to ensure they are correctly applied to all user accounts. This can be done by accessing the Group Policy Management Console and verifying that the policies are enforced across all user profiles.
  • Managers should educate their team about the risks associated with macros and why this control is in place. An easy way to do this is during team meetings or by sending clear, concise emails explaining the dangers of malicious macros.
  • IT support staff should set up alerts to notify them if there are attempts to change these settings. This can be done by configuring logging and monitoring tools to track any unauthorised changes.
  • HR should work with IT to include training on macro security as part of the onboarding process for new employees. This will ensure everyone starts with the same understanding of why these controls are important.
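As an added example (not Control Stack's or the ISM's own material), a PowerShell check an administrator can run on a workstation to confirm the GPO-enforced macro setting is present for each Office application; it assumes Office registry version 16.0 and the three applications listed:

```powershell
# Added example, not from Control Stack or the ASD ISM. Reports, per Office app,
# the macro setting enforced by Group Policy (HKCU\Software\Policies, which the
# Trust Center cannot edit) beside the user-editable setting (HKCU\Software\Microsoft).
# Assumes Office 2016/2019/365 (registry version 16.0) and the apps listed below.
$OfficeVersion = '16.0'
$Apps = @('Word', 'Excel', 'PowerPoint')

function Get-MacroPolicyState {
    param([string[]]$Apps, [string]$Version)
    foreach ($app in $Apps) {
        $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$Version\$app\Security"
        $userKey   = "HKCU:\Software\Microsoft\Office\$Version\$app\Security"

        $policy = if (Test-Path $policyKey) { Get-ItemProperty -Path $policyKey } else { $null }
        $user   = if (Test-Path $userKey)   { Get-ItemProperty -Path $userKey }   else { $null }

        # VBAWarnings: 1 = enable all, 2 = disable with notification,
        # 3 = disable all except digitally signed, 4 = disable all without notification.
        $enforced = if ($policy) { $policy.VBAWarnings } else { $null }
        if ($null -eq $enforced) {
            $status = 'NO POLICY: user can change this setting in the Trust Center'
        } elseif ($enforced -eq 4) {
            $status = 'OK: all macros disabled by policy'
        } elseif ($enforced -eq 3) {
            $status = 'SIGNED-ONLY: review against organisational policy'
        } else {
            $status = 'WEAK: policy allows macros to run'
        }

        [pscustomobject]@{
            Application         = $app
            PolicyVBAWarnings   = $enforced
            UserVBAWarnings     = if ($user) { $user.VBAWarnings } else { $null }
            BlockInternetMacros = if ($policy) { $policy.blockcontentexecutionfrominternet } else { $null }
            Status              = $status
        }
    }
}

Get-MacroPolicyState -Apps $Apps -Version $OfficeVersion | Format-Table -AutoSize
```

Any application reporting NO POLICY or WEAK is evidence the GPO is not applying to that user profile, which is the condition the operational notes ask you to monitor for.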

Audit / evidence tips

  • Ask: the Group Policy settings report in place for Microsoft Office macro security. Good is: when policies show 'Disable all macros' is enforced network-wide.
  • Good is: that there are no unauthorised change attempts recorded.
  • Ask: a record of staff training sessions about macro security. Good is: a register confirming all staff have attended relevant sessions, with updates every six months.
  • Good is: that all groups have the correct macro settings locked as per organisational policy.
  • Ask: HR onboarding documentation related to IT security. Good is: documentation showing it's a mandatory topic, with updates at least annually.

Cross-framework mappings

How ISM-1489 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

E8 mapping summary

  • Partially overlaps (2)
  • Supports (4)
  • Depends on (1)
  • Related (1)

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
