# Configure Microsoft Office macro settings
<a name="microsoft-office-macro-settings"></a>


****  

<table>
<thead>
  <tr><th>Essential Eight control</th><th>Implementation guidance</th><th>AWS resources</th><th>AWS Well-Architected guidance</th></tr>
</thead>
<tbody>
  <tr><td>Microsoft Office macros are disabled for users that do not have a demonstrated business requirement.</td><td rowspan="10">See [Technical example: Configure macro settings](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-configure-macro-settings) (ACSC website)</td><td rowspan="10">Not applicable</td><td rowspan="10">Not applicable</td></tr>
  <tr><td>Only Microsoft Office macros running from within a sandboxed environment, a Trusted Location or that are digitally signed by a trusted publisher are allowed to execute.</td></tr>
  <tr><td>Only privileged users responsible for validating that Microsoft Office macros are free of malicious code can write to and modify content within Trusted Locations.</td></tr>
  <tr><td>Microsoft Office macros digitally signed by an untrusted publisher cannot be enabled via the Message Bar or Backstage View.</td></tr>
  <tr><td>Microsoft Office's list of trusted publishers is validated on an annual or more frequent basis.</td></tr>
  <tr><td>Microsoft Office macros in files originating from the internet are blocked.</td></tr>
  <tr><td>Microsoft Office macro antivirus scanning is enabled.</td></tr>
  <tr><td>Microsoft Office macros are blocked from making Win32 API calls.</td></tr>
  <tr><td>Microsoft Office macro security settings cannot be changed by users.</td></tr>
  <tr><td>Allowed and blocked Microsoft Office macro executions are centrally logged and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.</td></tr>
</tbody>
</table>