Opening Microsoft Office documents from unknown sources can present a security risk because such files can carry viruses. To protect yourself and your computer from malware and other threats, Microsoft offers a feature called Protected View.
When enabled, Protected View opens Office documents in read-only mode with macros and other content disabled. You can easily bypass Protected View if you need to edit a certain document or other file, but you should also know where and how to manage Protected View. Among the core Microsoft Office applications, Word, Excel, and PowerPoint all include the Protected View feature. Let’s see how this works.
LEARN MORE: Office 365 Consumer pricing and features
First, you’ll want to review the settings for Protected View.
- Open Word, Excel, or PowerPoint.
- Go to File and then Options.
- From the Options window, click the entry for Trust Center.
- At the Trust Center window, click the button for Trust Center Settings.
- Click the entry for Protected View.
Microsoft Word, PowerPoint, and Excel offer three core settings, all of which are checked by default (Figure A):
- Enable Protected View For Files Originating From The Internet. This setting controls documents opened from a website.
- Enable Protected View For Files Located In Potentially Unsafe Locations. This setting controls files opened from certain folders considered unsafe, such as Temporary Internet Files.
- Enable Protected View For Outlook Attachments. This setting controls attachments that you try to open from an email message in Microsoft Outlook.
Excel adds two more settings, both of which are unchecked by default (Figure B):
- Always Open Untrusted Text-Based Files (.csv, .dif and .sylk) In Protected View
- Always Open Untrusted Database Files (.dbf) In Protected View
When done viewing the Protected View settings, click OK or Cancel to close the various options windows.
SEE: 30 things you should never do in Microsoft Office (free PDF) (TechRepublic)
Specific types of files also can cause a red flag with Protected View. Documents from older and outdated versions of Office, files that fail to pass validation, and files opened from someone else’s OneDrive storage might open in Protected View.
If you try to open a file from a location controlled by Protected View, the file opens in Read-Only Mode. You’ll see a message telling you that the file was opened from a potentially unsafe location. If you simply need to read or print the file, you can remain in Protected View. If you need to edit it, you can easily enough click on the button to Enable Editing (Figure C).
If you’re expecting the file and you know and trust the source, then you may be fine bypassing Protected View. If not, you’ll want to exercise the usual caution. If you bypass Protected View to edit a file and then save that file, it will open in edit mode any time you try to reopen it.
Let’s say you’re working with several files and locations one after the other and you keep running into Protected View. You can always return to the Protected View settings and uncheck the specific restriction. After you’re done, you should reenable the setting you disabled (Figure D).
At the Trust Center window, you’ll want to check out other settings related to Protected View. Click on the entry for Trusted Documents. One setting allows documents on a network to be trusted. You typically want to keep this setting checked so that you can easily open documents on your local network without running into Protected View (Figure E).
Next, maybe you’ve bypassed Protected View for certain files and documents so you can edit them, but now you want them to once again open in Protected View by default. To do this, click the Clear button next to Clear All Trusted Documents So That They Are No Longer Trusted. Click Yes to confirm (Figure F).
Now any document for which you bypassed Protected View in the past will once again open with Protected View enabled.
Next, click the entry for Trusted Locations. This window shows the trusted user folders from which you can open documents without bumping into Trusted View. You can remove or modify the existing locations and add any new folders to be trusted (Figure G).
You can manage Protected View and related settings for your entire organization through Group Policy. Download and set up the necessary Microsoft Office administrative templates for your version of Office. In Group Policy, navigate to the following setting: User Configuration | Administrative Templates. Navigate to the folder for the Office application you want to manage, such as Microsoft Word. Then move to the following setting: Word Options | Security | Trust Center. Here you’ll find settings for Protected View, Trusted Locations, and File Block Settings, any of which you can configure (Figure H).
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays