Files that are opened from Trusted Locations skip file validation checks, File Block checks, and don't open in Protected View or Application Guard. This includes add-ins, ActiveX controls, hyperlinks, links to data sources and media, and VBA macros. Trusted Locations affect all content in a file. Then, if needed, control Trusted Locations centrally through policy and don't allow users to set Trusted Locations themselves. In the security baseline for Microsoft 365 Apps for enterprise, the guidance is to disable network-based Trusted Locations. Therefore, Trusted Locations should be used rarely, for unique situations and only for select users.
The following diagram shows the trust workflow for opening Office files.Īs shown in Step 2, files in Trusted Locations bypass all other security and policy checks. It’s important to trust the original source of the file when you save it to a Trusted Location, since all active content will be enabled, and users won’t be notified about any potential security risks. This means files saved in Trusted Locations aren't opened in Protected View or Application Guard.Īctive content can include unsigned add-ins, VBA macros, connections to external data and more. These files bypass threat protection services, bypass file block settings, and all active content is enabled. Trusted Locations is a feature of Office where files contained in these folders are assumed safe, such as files you create yourself or saved from a trustworthy source. Applies to: Microsoft 365 Apps, Office LTSC 2021, Office 2019, and Office 2016