Always warn on untrusted macros must be enforced.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-71249	DTOO276	SV-85873r1_rule		Medium

Description
To protect users from dangerous code, the Outlook default configuration disables all macros that are not trusted, including unsigned macros, macros with expired or invalid signatures, and macros with valid signatures from publishers who are not on users' Trusted Publishers lists. The default configuration also allows macros that are signed by trusted publishers to run automatically without notifying users, which could allow dangerous code to run.

Description

To protect users from dangerous code, the Outlook default configuration disables all macros that are not trusted, including unsigned macros, macros with expired or invalid signatures, and macros with valid signatures from publishers who are not on users' Trusted Publishers lists. The default configuration also allows macros that are signed by trusted publishers to run automatically without notifying users, which could allow dangerous code to run.

STIG	Date
Microsoft Outlook 2016 STIG	2016-12-02

Details

Check Text ( None )
None

Fix Text (F-46929r2_fix)
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Security >> Trust Center "Security setting for macros" to "Enabled (Warn for signed, disable unsigned)".