Review Your Security and Privacy Settings in Microsoft Office

Lance Whitney

Use Microsoft Office? You should check out the suite’s security and privacy settings, if only to be aware of them.

Microsoft Office has always been susceptible to viruses and other malware, often delivered through macros in Word. As a response, Microsoft Office disables macros by default when you open documents that you receive from others. But even without macros enabled, Word users can still be exposed. A nasty zero-day vulnerability recently documented by McAfee and since patched by Microsoft could have infected your system if you opened the wrong file attachment. However, this piece of malware would not have unleashed its payload if you had enabled Protected View, which opens documents in read-only mode.

Office users should also be on the lookout for potential privacy issues. Through a feature called Intelligent Services, Microsoft can gather the contents of your Office files in an attempt to offer ideas and help improve your writing. This feature is turned off by default, so fortunately you don’t have to hunt around to disable it. But it’s still a feature that exists and that you may want to keep disabled.

So, between these two issues, Office users need to check their security and privacy settings to make sure they’re as tight as possible. You can ensure that your security settings guard you against malware and other threats. And you can control your privacy settings to be sure your content stays private.

Let’s go over the steps for reviewing your security and privacy in Office. For this article, I’ll use Office 2016, but the steps apply to the last several versions of Office as well. The settings you view also are part of all the applications in the Office suite.

Open any application in Microsoft Office – Word, Excel, PowerPoint, Outlook, etc. Click on the File menu and then select Options. In the General window, notice the section for Office intelligent services through which Microsoft could check out your search terms and document content. The option to Enable services should be turned off by default. If some reason, you wish to enable this feature, I encourage you to first click on the links for About intelligent services and Privacy statement to learn more about this feature and Microsoft’s handling of your privacy in general.

Click on the category for Trust Center. Then click on the link for Microsoft Trustworthy Computing.

The Microsoft Trust Center website appears. Most of the information on this website is directed toward enterprise users and IT professionals. But some of the details are of value to individual Windows or Office users. At this site, click on the menu for Security & privacy, hover over the submenu for Product security, and then click on the link for Office 365. At the Office 365 page, click on the link to Get an overview of Office 365. Here you’ll find information on Office 365 of help to both businesses and individuals. Again, click on the menu for Security & privacy, hover over the submenu for Privacy, and then click on the link for Overview. At the Privacy page, click on some of the links on the right under Privacy topics, such as Where your data is located, Who can access your data, How we manage your data, How we respond to government requests for data, and How Microsoft defines data.

Click on the link for the Microsoft Trust Center to return to the home page for the site. Under the line that reads: “Are you a home user?,” click on the link to Go to Microsoft Safety. The Safety & Security Center site opens with information of greater value to home and individual users. Check out the links and subpages on this site to learn more about how Microsoft views and treats your security.

Okay, let’s head back to whatever Office application you opened. At the Options window, click on the button for Trust Center Settings. Click on the setting for Trusted Publishers. Here you can view certain software that integrates with Office and has been certified as safe and legitimate.

Click on the category for Trusted Locations. This screen displays locations that store templates, add-ins, and other Office content and therefore are automatically trusted. Then click on the category for Trusted Documents. Here you can see if documents stored on a known network, such as a home or company network, are automatically trusted and therefore opened in your Office application. Click on the category for Trusted Add-in Catalogs. You won’t find any information here unless you or someone else specifically created a Web-based catalog to house Office add-ins.

Click on the category for Add-ins. This screen gives you the ability to require add-ins to be signed by the publisher or disable add-ins altogether. Leaving these settings turned off ensures that the right add-ins will work properly. Click on the category for ActiveX Settings. The default in Office 2016 is to run ActiveX controls in Safe mode, which means you’re prompted before enabling all such controls with minimal restrictions. ActiveX controls can be dangerous if a hacker attempts to use one to compromise your system. But Safe mode tries to protect you without totally disabling such controls.

Next, click on the category for Macro Settings. Since macros can carry a payload of malware, the default setting is to disable them and notify you when they’re disabled. When you open a document from someone else, you can enable macros on an individual basis if you know they’re safe. Click on the category for Protected View. This option is one of the best ways to protect yourself when accessing a downloaded or attached document as it opens the file in read-only mode. The default is to enable it for files from the Internet, files from possibly unsafe locations, and files attached to an Outlook email.

Click on the category for Message Bar. The message bar tells you if certain content has been blocked, so the default setting is to show the bar. Click on the next category for External Content. This applies to images, hyperlinks, and other content in an Office file. The default setting to prompt you about data connections and workbook links attempts to warn you about potential malware. Click on the link to File Block Settings. The default setting here is to open older types of files in Protected View.

Click on the category for Privacy Options. Here the default is to let Office connect to Microsoft’s online services to provide functionality relevant to your usage and preferences. If you’re concerned about privacy, you may want to turn off this option. However, you should first click on the link to Read our privacy statement to understand how Microsoft treats your privacy.

Finally, you can click on the button for the Document Inspector to analyze any Office file you’ve opened to make sure it’s safe and remove any content you feel may pose a threat.

In general, Microsoft’s default settings for the Trust Center try to strike a balance between safety and functionality. So, you can typically leave them as they are. But you should check out the linked pages for each category in this article to better understand the settings and determine if you wish to make any changes.

= Paid content

All Windows Secrets articles posted on 2017-04-25: