ACSC E8 Nov 2023-ML2 Restrict Office macros
Overview:
The Devicie Essential Eight Maturity Level 2 Restrict Office Macros (Block) (Nov 2023) configuration is designed to meet the Australian Cyber Security Centre’s guidance for this mitigation strategy.
Intune Description:
E8 ML2 Restrict Office Macros (Block) (Nov 2023)
Scope:
This baseline should be applied to Windows devices. It must be deployed with “PROD-ACSC E8 Nov 2023-ML1 Restrict Office macros-Block”.
Policy Impact Areas:
When deployed, this policy will impact:
- Blocking when users attempt to use macros within all Office 365 products
Deployment Notes
- Pre-Deployment Considerations:
  - It is recommended to utilise “ACSC E8 Nov 2023-ML1 Restrict Office macros-Allow with prompt” first, to measure user impact.
  - Consider users who may be impacted by this change (typically finance teams). Note that this is a block policy, so effective communication with user feedback will assist in longer-term deployments to higher levels of controls.
- Post-Deployment Validation:
  - Attempt to run a macro within Excel
- Known Issues and Resolutions
  - Issue 1: Errors during deployment / unable to deploy
    - Resolution: If the "ACSC E8 Nov 2023-ML1 Restrict Office macros-Allow with prompt" template is deployed to the desired group, the deployment will fail.
Configuration Settings:
| Name | Value |
| --- | --- |
| Defender | |
| Attack Surface Reduction Rules | |
| Block Win32 API calls from Office macros | Block |
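
As an added example (not part of the Devicie template or its documentation), the following PowerShell complements the Excel macro test by checking on an endpoint that Defender reports this attack surface reduction rule in Block mode, then listing recent block events for it. The rule GUID and event ID 1121 are Microsoft's published values and do not come from this page; the function name `Get-AsrRuleState` is hypothetical, and an elevated PowerShell session is assumed.

```powershell
# Added example: confirm the ASR rule set by this template is enforced locally.
# Assumption: GUID below is Microsoft's published ID for
# "Block Win32 API calls from Office macros" (not stated on this page).
$RuleId   = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'
$RuleName = 'Block Win32 API calls from Office macros'

# Defender action codes for ASR rules.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    param(
        [string]   $Id,
        [string[]] $Ids,      # rule GUIDs reported by Defender
        [int[]]    $Actions   # action codes, parallel to $Ids
    )
    # Case-insensitive match: GUID casing differs between management tools.
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        if ($Ids[$i] -ieq $Id) {
            $code = $Actions[$i]
            if ($ActionNames.ContainsKey($code)) { return $ActionNames[$code] }
            return "Unknown ($code)"
        }
    }
    # Rule never delivered to this device (policy not applied or not yet synced).
    return 'Not present'
}

$pref  = Get-MpPreference
$state = Get-AsrRuleState -Id $RuleId `
    -Ids $pref.AttackSurfaceReductionRules_Ids `
    -Actions $pref.AttackSurfaceReductionRules_Actions

if ($state -eq 'Block') {
    Write-Output "PASS: '$RuleName' is in Block mode."
} else {
    Write-Output "FAIL: '$RuleName' state is '$state' (expected Block)."
}

# Event ID 1121 is logged when an ASR rule fires in Block mode; the message
# contains the rule GUID. Entries appear only if a test macro triggered the rule.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $RuleId } |
    Select-Object -First 5 TimeCreated, Id
```

A state of `Audit` or `Warn` means the rule reached the device but is not being enforced at the level this template sets.
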
| Devicie Template Name | ACSC E8 Nov 2023-ML2 Restrict Office macros |
| Default Intune Deployed Name | Devicie - ACSC E8 Nov 2023-ML2 Restrict Office macros |
| Version | 1.0 |
| Template Last Updated | Nov 18, 2025 |
| Document Last Updated: | Jul 24, 2025 |