Microsoft Office Trust Center Mac
Microsoft contractual commitments back our privacy best practices. Microsoft makes broad contractual commitments to business in our Online Services Terms. Microsoft will use customer data only to provide the services agreed upon, and for purposes compatible with providing those services.
- Microsoft Office Trust Center Mac Os
- Microsoft Office Trust Center Mac Computer
- Microsoft Office Trust Center Mac Computer
- Microsoft Word Trust Center Mac
Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Office 365 ProPlus.
- Sep 24, 2018 Today, we are announcing the general availability of Office 2019 for Windows and Mac. Office 2019 is the next on-premises version of Word, Excel, PowerPoint, Outlook, Project, Visio, Access, and Publisher.
- 2019-3-31 I do not have a Mac and am writing from my experiences with the Windows version. That version is similar, but the two are not the same. Nevertheless, I hope that I can be of some help. There is no 'Trust Center' in Office for the Mac. Try Tools Security Options or Excel Preferences Security Options This forum is a user-to-user support forum.
Starting with Version 1904 of Office 365 ProPlus, there are new policy settings that will allow you to control settings related to the following:
Diagnostic data that is collected and sent to Microsoft about Office client software being used
Connected experiences that use cloud-based functionality to provide enhanced Office features to you and your users.
The following are the five new policy settings:
- Configure the level of client software diagnostic data sent by Office to Microsoft
- Allow the use of connected experiences in Office that analyze content
- Allow the use of connected experiences in Office that download online content
- Allow the use of additional optional connected experiences in Office
- Allow the use of connected experiences in Office
These policy settings can be implemented by using either Group Policy or the Office cloud policy service. If you’re using Group Policy, you need to download the most current version of the Administrative Template files (ADMX/ADML) from the Microsoft Download Center.
Note
- For information on how to manage privacy controls for Office for Mac, see Use preferences to manage privacy controls for Office for Mac.
- For information about similar settings for Office on iOS devices, see Use preferences to manage privacy controls for Office on iOS devices.
- For information about similar settings for Office on Android devices, see Use policy settings to manage privacy controls for Office on Android devices.
If you’re using the Group Policy Management tool, all these policy settings are located under User ConfigurationPoliciesAdministrative TemplatesMicrosoft Office 2016PrivacyTrust Center.
These new policy settings also apply to desktop versions of Project and Visio that come with some subscription plans, such as the Project Online Professional plan or Visio Online Plan 2. They also apply to Office 365 Business.
There are also some existing policy settings that will no longer apply to Office 365 ProPlus, and there are some user interface (UI) changes for privacy settings that you should be aware of because your users might notice those changes and ask about them.
As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings you configure have the desired effect before you implement the policy settings more widely in your organization.
Policy setting for diagnostic data
Diagnostic data is used to keep Office secure and up-to-date, detect, diagnose and remediate problems, and also make product improvements.
You can use the Configure the level of client software diagnostic data sent by Office to Microsoft policy setting to choose what level of diagnostic data is sent to Microsoft.
If you enable this policy setting, you must choose which level of diagnostic data is sent to Microsoft. Your choices are Required, Optional, or Neither.
If you choose Required, the minimum data necessary to help keep Office secure, up-to-date, and performing as expected on the device it’s installed on is sent to Microsoft.
If you choose Optional, additional data that helps make product improvements and provides enhanced information to help detect, diagnose, and remediate issues is sent to Microsoft. If you choose to send optional diagnostic data, required diagnostic data is also included.
If you choose Neither, no diagnostic data about Office client software running on the user’s device is sent to Microsoft. This option, however, significantly limits Microsoft’s ability to detect, diagnose, and remediate problems that your users may encounter when using Office.
If you disable or don’t configure this policy setting, both optional and required diagnostic data is sent to Microsoft.
For more information about diagnostic data, see the following:
Policy settings for connected experiences
Office 365 ProPlus consists of client software applications and connected experiences designed to enable you to create, communicate, and collaborate more effectively. Working with others on a document stored on OneDrive for Business or translating the contents of a Word document into a different language are examples of connected experiences.
We understand that you might want to choose which types of connected experiences are available to your users when they’re working in Office applications. So we have provided four new policy settings for you:
- Allow the use of connected experiences in Office that analyze content
- Allow the use of connected experiences in Office that download online content
- Allow the use of additional optional connected experiences in Office
- Allow the use of connected experiences in Office
If you don't configure these policy settings, all connected experiences are available. This gives your users all the features and functionality accessible through Office 365 ProPlus. But we understand that you might need to turn off some or all of these connected experiences to meet certain requirements of your organization.
If you choose not to provide your users with certain types of connected experiences, either the ribbon or menu command for those connected experiences will be grayed out or users will get an error message when they try to use those connected experiences. In that case, no required service data for those connected experiences will be sent to Microsoft.
Your users won’t be able to choose whether to turn these connected experiences included with Office 365 ProPlus on or off if they are signed into Office with their organizational credentials, which is sometimes referred to as a work or school account.
Policy setting for connected experiences that analyze your content
These are experiences that use your Office content to provide you with design recommendations, editing suggestions, data insights, and similar features. For example, PowerPoint Designer or Editor in Word. For a list of these connected experiences, see Connected experiences in Office.
You can use the Allow the use of connected experiences in Office that analyze content policy setting to control whether these types of connected experiences are available to your users. If you don’t configure this policy setting, these connected experiences will be available to your users.
Microsoft precision mouse isn't connecting to mac. Note that if you disable the Allow the use of connected experiences in Office policy setting, connected experiences that analyze content won’t be available to your users.
Policy setting for connected experiences that download online content
These are experiences that allow you to search and download online content including templates, images, 3D models, videos, and reference materials to enhance your documents. For example, Office templates or PowerPoint QuickStarter. For a list of these connected experiences, see Connected experiences in Office.
You can use the Allow the use of connected experiences in Office that download online content policy setting to control whether these types of connected experiences are available to your users. If you don’t configure this policy setting, these connected experiences will be available to your users.
Note that if you disable the Allow the use of connected experiences in Office policy setting, connected experiences that download online content won’t be available to your users.
Policy setting for optional connected experiences
In addition to the connected experiences mentioned above that are included with Office 365 ProPlus, there are some optional connected experiences that you may choose to allow your users to access with their organization account. For example, the LinkedIn features of the Resume Assistant in Word or the 3D Maps feature in Excel, which uses Bing. For more examples, see Overview of optional connected experiences in Office.
These connected experiences are different because they are not covered by your organization’s commercial agreement with Microsoft. Optional connected experiences are offered by Microsoft directly to your users and are governed by the Microsoft Services Agreement instead of the Online Services Terms. In some cases, third party content or functionality are provided through these optional connected experiences and other terms may also apply. For more information, see Overview of optional connected experiences in Office.
You can use the Allow the use of additional optional connected experiences in Office policy setting to control whether these types of connected experiences are available to your users. If you don’t configure this policy setting, these optional connected experiences will be available to your users.
Note
The Allow the use of additional optional connected experiences in Office policy setting can also be configured to apply to the following Office for the web applications:
- Excel for the web
- OneNote for the web
- PowerPoint for the web
- Visio for the web
- Word for the web
To configure this policy setting for these Office for the web applications, you need to use the Office cloud policy service.
Even if you choose to make these optional connected experiences available to your users, your users will have the option to turn them off as a group by going to the privacy settings dialog box. Your users will only have this choice if they are signed into Office with their organizational credentials (sometimes referred to as a work or school account), not if they are signed in with a personal email address.
Also, some of these optional connected experiences are also considered to be connected experiences that analyze content or that download online content. For example, Insert Online Pictures is an optional connected experience, powered by Microsoft Bing, but it’s also considered to be a connected experience that downloads online content. Therefore, if you disable the Allow the use of connected experiences in Office that download online content policy setting, Insert Online Pictures won’t be available to your users. It won’t be available even if you have enabled the Allow the use of additional optional connected experiences in Office policy setting. For more information about which connected experiences analyze content or download online content, see Connected experiences in Office.
There is one exception to take note of. The Allow the use of additional optional connected experiences in Office policy setting does not control experiences that require you to connect your LinkedIn account to your Microsoft work or school account. To control these type of experiences, such as the LinkedIn information on a profile card in Outlook, see Connect your LinkedIn and Microsoft accounts and Consent to LinkedIn account connections for an Azure Active Directory organization.
Policy setting for most connected experiences
You can use the Allow the use of connected experiences in Office policy setting to control whether most connected experiences accessible through Office 365 ProPlus are available to your users. If you disable the policy setting, the following types of connected experiences won’t be available to your users:
- Experiences that analyze your content
- Experiences that download online content
- Optional connected experiences
In addition, if you disable this policy setting, most other connected experiences are also turned off, such as co-authoring and online file storage. For a list of these other connected experiences, see Connected experiences in Office.
But even if you disable this policy setting, limited Office functionality will remain available, such as synching a mailbox in Outlook, and Teams and Skype for Business will continue to work. Essential services, such as the licensing service that confirms that you’re properly licensed to use Office, will also remain available.
Existing policy settings that are replaced by new policy settings
There are two existing policy settings that are no longer applicable to Office 365 ProPlus, starting with Version 1904. Those policy settings are the following:
Send personal information, which can be found under User ConfigurationPoliciesAdministrative TemplatesMicrosoft Office 2016PrivacyTrust Center.
Online Content Options, which can be found under User ConfigurationPoliciesAdministrative TemplatesMicrosoft Office 2016Tools Options General Service Options..Online Content.
Starting with Version 1904, configuring these two existing policy settings will have no effect on Office 365 ProPlus. They are no longer applicable because their functionality is replaced by these new policy settings:
- Allow the use of connected experiences in Office that analyze content
- Allow the use of connected experiences in Office that download online content
- Allow the use of additional optional connected experiences in Office
- Allow the use of connected experiences in Office
These new policy settings can give you a finer level control than the two existing policy settings. For example, previously if you used the Send personal information policy setting, both PowerPoint QuickStarter and Smart Lookup would be turned off. But now, with the new policy settings, if you use the Allow the use of connected experiences in Office that analyze content policy setting to turn off that type of connected experiences, only Smart Lookup is turned off. PowerPoint QuickStarter will still be available to your users.
The policy settings still appear in the Group Policy Management tool because they are still applicable to volume licensed versions of Office 2016 and Office 2019, such as Office Professional Plus 2019.
What about existing policy settings that control connected experiences?
As you probably already know, there are some existing policy settings that allow you to control connected experiences. Here are a few examples of existing policy settings:
PowerPoint Designer Options, under User ConfigurationPoliciesAdministrative TemplatesMicrosoft Office 2016Tools Options General Service Options..PowerPoint Designer
Turn off QuickStarter, under User ConfigurationPoliciesAdministrative TemplatesMicrosoft PowerPoint 2016PowerPoint OptionsGeneral
Allow LinkedIn Resume Assistant feature, under User ConfigurationPoliciesAdministrative TemplatesMicrosoft Word 2016Word OptionsGeneral
You can still use these existing policy settings if you want to turn off individual connected experiences. But keep in mind that if you use one of the new policy settings, that new policy setting might turn off a connected experience that you turned on by using a different policy setting. For example, if you enable the Allow LinkedIn Resume Assistant feature policy setting, but disable the Allow the use of connected experiences in Office policy setting, the LinkedIn Resume Assistant won’t be available to your users.
In general, if one policy setting is configured to turn on a specific connected experience while at the same time another policy setting is configured to turn off that type of connected experience, then that specific connected experience is turned off for your users.
Privacy related changes to the Office UI
There are some changes to the user interface (UI) of Office 365 ProPlus related to privacy that your users might notice and ask about. These changes are a direct result of the new privacy controls and policy settings available starting in Version 1904.
Dialog about optional connected experiences
If you have chosen to provide your users with optional connected experiences, the first time your users open an Office app after they've been updated to Version 1904 or later, an informational dialog box will appear. This dialog box informs your users that you have given them the choice to use these optional connected experiences and lets them know they can go to File > Account > Account Privacy to change this setting.
Privacy settings removed from the Office UI
The following settings are removed from File > Options > Trust Center > Trust Center Settings… > Privacy Options:
Get designs, information, recommendations, and services by allowing Office to access and make product improvements based on Office content on my device.
Let Office connect to online services from Microsoft to provide functionality that’s relevant to your usage and preference.
Also, under File > Options > General, the choice to enable Office intelligent services is removed.
As the admin for your organization, you now control the equivalent settings to these through the new policy settings described earlier.
Privacy settings added to the Office UI
The following are new elements added to the Office UI:
Microsoft Office Trust Center Mac Os
Under File > Account, users will see a new choice for Account Privacy > Manage Settings. It’s under Manage Settings where users can turn off optional connected experiences, if you have given them that option.
Under File > Options > Trust Center > Trust Center Settings… > Privacy Options, there is an option to enable the use of the Diagnostic Data Viewer on the device.
Control privacy settings by editing the registry
Some admins prefer to change settings directly in the registry, for example by using a script, instead of by using Group Policy or the Office cloud policy service. You can use the following information to configure privacy settings directly in the registry.
| Policy setting | Registry setting | Values |
|---|---|---|
| Configure the level of client software diagnostic data sent by Office to Microsoft | SendTelemetry | 1=Required 2=Optional 3=Neither |
| Allow the use of connected experiences in Office that analyze content | UserContentDisabled | 1=Enabled 2=Disabled |
| Allow the use of connected experiences in Office that download online content | DownloadContentDisabled | 1=Enabled 2=Disabled |
| Allow the use of additional optional connected experiences in Office | ControllerConnectedServicesEnabled | 1=Enabled 2=Disabled |
| Allow the use of connected experiences in Office | DisconnectedState | 1=Enabled 2=Disabled |
To create a .reg file for the privacy settings, open Notepad and copy in the following lines. Adjust the values to suit your needs, and then save the file. Be sure the file name has an extension of .reg
For example, you can use this .reg file with the regedit.exe command in a script to configure privacy settings for the user.
-->Understanding the add-in runtime
Office Add-ins are secured by an add-in runtime environment, a multiple-tier permissions model, and performance governors. This framework protects the user's experience in the following ways:
Access to the host application's UI frame is managed.
Only indirect access to the host application's UI thread is allowed.
Modal interactions aren't allowed - for example, calls to JavaScript
alert,confirm, andpromptfunctions aren't allowed because they're modal.
Further, the runtime framework provides the following benefits to ensure that an Office Add-in can't damage the user's environment:
Isolates the process the add-in runs in.
Doesn't require .dll or .exe replacement or ActiveX components.
Makes add-ins easy to install and uninstall.
Also, the use of memory, CPU, and network resources by Office Add-ins is governable to ensure that good performance and reliability are maintained.
The following sections briefly describe how the runtime architecture supports running add-ins in Office clients on Windows-based devices, on OS X Mac devices, and in web browsers.
Clients on Windows and OS X devices
In supported clients for desktop and tablet devices, such as Excel on Windows, and Outlook on Windows and Mac, Office Add-ins are supported by integrating an in-process component, the Office Add-ins runtime, which manages the add-in lifecycle and enables interoperability between the add-in and the client application. The add-in webpage itself is hosted out-of-process. As shown in figure 1, on a Windows desktop or tablet device, the add-in webpage is hosted inside an Internet Explorer or Microsoft Edge control which, in turn, is hosted inside an add-in runtime process that provides security and performance isolation.
On Windows desktops, Protected Mode in Internet Explorer must be enabled for the Restricted Site Zone. This is typically enabled by default. If it is disabled, an error will occur when you try to launch an add-in.
Figure 1. Office Add-ins runtime environment in Windows-based desktop and tablet clients
As shown in the following figure, on an OS X Mac desktop, the add-in web page is hosted inside a sandboxed WebKit runtime host process which helps provide similar level of security and performance protection.
Figure 2. Office Add-ins runtime environment in OS X Mac clients
The Office Add-ins runtime manages interprocess communication, the translation of JavaScript API calls and events into native ones, as well as UI remoting support to enable the add-in to be rendered inside the document, in a task pane, or adjacent to an email message, meeting request, or appointment.
Web clients
In supported Web clients, Office Add-ins are hosted in an iframe that runs using the HTML5 sandbox attribute. ActiveX components or navigating the main page of the web client are not allowed. Office Add-ins support is enabled in the web clients by the integration of the JavaScript API for Office. In a similar way to the desktop client applications, the JavaScript API manages the add-in lifecycle and interoperability between the add-in and the web client. This interoperability is implemented by using a special cross-frame post message communication infrastructure. The same JavaScript library (Office.js) that is used on desktop clients is available to interact with the web client. The following figure shows the infrastructure that supports add-ins in Office running in the browser, and the relevant components (the web client, iframe, Office Add-ins runtime, and JavaScript API for Office) that are required to support them.
Figure 3. Infrastructure that supports Office Add-ins in Office web clients
Add-in integrity in AppSource
You can make your Office Add-ins available to the public by publishing them to AppSource. AppSource enforces the following measures to maintain the integrity of add-ins:
Requires the host server of an Office Add-in to always use Secure Sockets Layer (SSL) to communicate.
Requires a developer to provide proof of identity, a contractual agreement, and a compliant privacy policy to submit add-ins.
Ensures that the source of add-ins is accessible in read-only mode.
Supports a user-review system for available add-ins to promote a self-policing community.
Addressing end users' privacy concerns
This section describes the protection offered by the Office Add-ins platform from the customer's (end user's) perspective, and provides guidelines for how to support users' expectations and how to securely handle users' personally identifiable information (PII).
End users' perspective
Office Add-ins are built using web technologies that run in a browser control or iframe. Because of this, using add-ins is similar to browsing to web sites on the Internet or intranet. Add-ins can be external to an organization (if you acquire the add-in from AppSource) or internal (if you acquire the add-in from an Exchange Server add-in catalog, SharePoint app catalog, or file share on an organization's network). Add-ins have limited access to the network and most add-ins can read or write to the active document or mail item. The add-in platform applies certain constraints before a user or administrator installs or starts an add-in. But as with any extensibility model, users should be cautious before starting an unknown add-in.
The add-in platform addresses end users' privacy concerns in the following ways:
Data communicated with the web server that hosts a content, Outlook or task pane add-in as well as communication between the add-in and any web services it uses must be encrypted using the Secure Socket Layer (SSL) protocol.
Before a user installs an add-in from AppSource, the user can view the privacy policy and requirements of that add-in. In addition, Outlook add-ins that interact with users' mailboxes surface the specific permissions that they require; the user can review the terms of use, requested permissions and privacy policy before installing an Outlook add-in.
When sharing a document, users also share add-ins that have been inserted in or associated with that document. If a user opens a document that contains an add-in that the user hasn't used before, the host application prompts the user to grant permission for the add-in to run in the document. In an organizational environment, the Office host application also prompts the user if the document comes from an external source.
Users can enable or disable the access to AppSource. For content and task pane add-ins, users manage access to trusted add-ins and catalogs from the Trust Center on the host Office client (opened from File > Options > Trust Center > Trust Center Settings > Trusted Add-in Catalogs). For Outlook add-ins, uses can manage add-ins by choosing the Manage Add-ins button: in Outlook on Windows, choose File > Manage Add-ins. In Outlook on Mac, choose the Manage Add-ins button on the add-in bar. In Outlook on the web, choose the Settings menu (gear icon) > Manage add-ins. Administrators can also manage this access by using group policy.
The design of the add-in platform provides security and performance for end users in the following ways:
An Office Add-in runs in a web browser control that is hosted in an add-in runtime environment separate from the Office host application. This design provides both security and performance isolation from the host application.
Running in a web browser control allows the add-in to do almost anything a regular web page running in a browser can do but, at the same time, restricts the add-in to observe the same-origin policy for domain isolation and security zones.
Outlook add-ins provide additional security and performance features through Outlook add-in specific resource usage monitoring. For more information, see Privacy, permissions, and security for Outlook add-ins.
Developer guidelines to handle PII
The following lists some specific PII protection guidelines for you as a developer of Office Add-ins:
The Settings object is intended for persisting add-in settings and state data across sessions for a content or task pane add-in, but don't store passwords and other sensitive PII in the Settings object. The data in the Settings object isn't visible to end users, but it is stored as part of the document's file format which is readily accessible. You should limit your add-in's use of PII and store any PII required by your add-in on the server hosting your add-in as a user-secured resource.
Using some applications can reveal PII. Make sure that you securely store data for your users' identity, location, access times, and any other credentials so that data won't become available to other users of the add-in.
If your add-in is available in AppSource, the AppSource requirement for HTTPS protects PII transmitted between your web server and the client computer or device. However, if you re-transmit that data to other servers, make sure you observe the same level of protection.
If you store users' PII, make sure you reveal that fact, and provide a way for users to inspect and delete it. If you submit your add-in to AppSource, you can outline the data you collect and how it's used in the privacy statement.
Developers' permission choices and security practices
Follow these general guidelines to support the security model of Office Add-ins, and drill down on more details for each add-in type.
Permissions choices
The add-in platform provides a permissions model that your add-in uses to declare the level of access to a user's data that it requires for its features. Each permission level corresponds to the subset of the JavaScript API for Office your add-in is allowed to use for its features. For example, the WriteDocument permission for content and task pane add-ins allows access to the Document.setSelectedDataAsync method that lets an add-in write to the user's document, but doesn't allow access to any of the methods for reading data from the document. This permission level makes sense for add-ins that only need to write to a document, such as an add-in where the user can query for data to insert into their document.
As a best practice, you should request permissions based on the principle of least privilege. That is, you should request permission to access only the minimum subset of the API that your add-in requires to function correctly. For example, if your add-in needs only to read data in a user's document for its features, you should request no more than the ReadDocument permission. (But, keep in mind that requesting insufficient permissions will result in the add-in platform blocking your add-in's use of some APIs and will generate errors at run time.)
You specify permissions in the manifest of your add-in, as shown in the example in this section below, and end users can see the requested permission level of an add-in before they decide to install or activate the add-in for the first time. Additionally, Outlook add-ins that request the ReadWriteMailbox permission require explicit administrator privilege to install.
The following example shows how a task pane add-in specifies the ReadDocument permission in its manifest. To keep permissions as the focus, other elements in the manifest aren't displayed.
For more information about permissions for task pane and content add-ins, see Requesting permissions for API use in add-ins.
For more information about permissions for Outlook add-ins, see the following topics:
Microsoft Office Trust Center Mac Computer
Same origin policy
Because Office Add-ins are webpages that run in a web browser control, they must follow the same-origin policy enforced by the browser: by default, a webpage in one domain can't make XmlHttpRequest web service calls to another domain other than the one where it is hosted.
One way to overcome this limitation is to use JSON/P -- provide a proxy for the web service by including a script tag with a src attribute that points to some script hosted on another domain. You can programmatically create the script tags, dynamically creating the URL to which to point the src attribute, and passing parameters to the URL via URI query parameters. Web service providers create and host JavaScript code at specific URLs, and return different scripts depending on the URI query parameters. These scripts then execute where they are inserted and work as expected.
The following is an example of JSON/P in the Outlook add-in example.
Exchange and SharePoint provide client-side proxies to enable cross-domain access. In general, same origin policy on an intranet isn't as strict as on the Internet. For more information, see Same Origin Policy Part 1: No Peeking and Addressing same-origin policy limitations in Office Add-ins.
Tips to prevent malicious cross-site scripting
Microsoft Office Trust Center Mac Computer
An ill-intentioned user could attack the origin of an add-in by entering malicious script through the document or fields in the add-in. A developer should process user input to avoid executing a malicious user's JavaScript within their domain. The following are some good practices to follow to handle user input from a document or mail message, or via fields in an add-in:
Instead of the DOM property innerHTML, use the innerText and textContent properties where appropriate. Do the following for Internet Explorer and Firefox cross-browser support:
For information about the differences between innerText and textContent, see Node.textContent. For more information about DOM compatibility across common browsers, see W3C DOM Compatibility - HTML.
If you must use innerHTML, make sure the user's input doesn't contain malicious content before passing it to innerHTML. For more information and an example of how to use innerHTML safely, see innerHTML property.
If you are using jQuery, use the .text() method instead of the .html() method.
Use the toStaticHTML method to remove any dynamic HTML elements and attributes in users' input before passing it to innerHTML.
Use the encodeURIComponent or encodeURI function to encode text that is intended to be a URL that comes from or contains user input.
See Developing secure add-ins for more best practices to create more secure web solutions.
Tips to prevent 'Clickjacking'
Because Office Add-ins are rendered in an iframe when running in a browser with Office host applications, use the following tips to minimize the risk of clickjacking -- a technique used by hackers to fool users into revealing confidential information.
First, identify sensitive actions that your add-in can perform. These include any actions that an unauthorized user could use with malicious intent, such as initiating a financial transaction or publishing sensitive data. For example, your add-in might let the user send a payment to a user-defined recipient.
Microsoft Word Trust Center Mac
Second, for sensitive actions, your add-in should confirm with the user before it executes the action. This confirmation should detail what effect the action will have. It should also detail how the user can prevent the action, if necessary, whether by choosing a specific button marked 'Don't Allow' or by ignoring the confirmation.
Third, to ensure that no potential attacker can hide or mask the confirmation, you should display it outside the context of the add-in (that is, not in an HTML dialog box).
Here are some examples of how you could get confirmation:
Send an email to the user that contains a confirmation link.
Send a text message to the user that includes a confirmation code that the user can enter in the add-in.
Open a confirmation dialog in a new browser window to a page that cannot be iframed. This is typically the pattern that is used by login pages. Use the dialog api to create a new dialog.
Also, ensure that the address you use for contacting the user couldn't have been provided by a potential attacker. For example, for payment confirmations use the address on file for the authorized user's account.
Other security practices
Developers should also take note of the following security practices:
Developers shouldn't use ActiveX controls in Office Add-ins as ActiveX controls don't support the cross-platform nature of the add-in platform.
Content and task pane add-ins assume the same SSL settings that the browser uses by default, and allows most content to be delivered only by SSL. Outlook add-ins require all content to be delivered by SSL. Developers must specify in the SourceLocation element of the add-in manifest a URL that uses HTTPS, to identify the location of the HTML file for the add-in.
To make sure add-ins aren't delivering content by using HTTP, when testing add-ins, developers should make sure the following settings are selected in Internet Options in Control Panel and no security warnings appear in their test scenarios:
Make sure the security setting, Display mixed content, for the Internet zone is set to Prompt. You can do that by selecting the following in Internet Options: on the Security tab, select the Internet zone, select Custom level, scroll to look for Display mixed content, and select Prompt if it isn't already selected.
Make sure Warn if Changing between Secure and not secure mode is selected in the Advanced tab of the Internet Options dialog box.
To make sure that add-ins don't use excessive CPU core or memory resources and cause any denial of service on a client computer, the add-in platform establishes resource usage limits. As part of testing, developers should verify whether an add-in performs within the resource usage limits.
Before publishing an add-in, developers should make sure that any personal identifiable information that they expose in their add-in files is secure.
Developers shouldn't embed keys that they use to access third-party APIs or services (such as Bing, Google, or Facebook) directly in the HTML pages of their add-in. Instead, they should create a custom web service or store the keys in some other form of secure web storage that they can then call to pass the key value to their add-in.
Developers should do the following when submitting an add-in to AppSource:
- Host the add-in they are submitting on a web server that supports SSL.
- Produce a statement outlining a compliant privacy policy.
- Be ready to sign a contractual agreement upon submitting the add-in.
Other than resource usage rules, developers for Outlook add-ins should also make sure their add-ins observe limits for specifying activation rules and using the JavaScript API. For more information, see Limits for activation and JavaScript API for Outlook add-ins.
IT administrators' control
In a corporate setting, IT administrators have ultimate authority over enabling or disabling access to AppSource and any private catalogs.
The management and enforcement of Office settings is done with group policy settings. These are configurable through the Office Deployment Tool, in conjunction with the Office Customization Tool.
| Setting name | Description |
|---|---|
| Allow Unsecure web add-ins and Catalogs | Allows users to run non-secure add-ins, which are add-ins that have webpage or catalog locations that are not SSL-secured (https://) and are not in users' Internet zones. |
| Block Web Add-ins | Allows you to prevent users from using web add-ins. |
| Block the Office Store | Allows you to prevent users from using or inserting web add-ins that come from the Office Store. |
Important
If your working groups are using multiple releases of Office, group policy settings must be configured for each release. Please refer to the Using Group Policy to manage how users can install and use apps for Office of the Overview of apps for Office 2013 article for details on group policy settings for Office 2013.