Table of Contents
- Are You Missing Out on Critical AI & Security Settings in the Latest Office ADMX Update?
- Key Highlights of the Update
- Unclear Target Versions: Documentation Gaps
- Ambiguous Applicability
- Missing Compatibility Details
- Security Policies: Mostly for Microsoft 365
- M365-Centric
- Rare Perpetual Support
- AI Governance: Content Moderation and Safety
- Copilot-Driven Policies
- Content Moderation Controls
- Bidirectional Filtering
- Legacy AI Restrictions Remain
- Notable Policy Changes by Application
- Excel
- Outlook
- PowerPoint
- Publisher
- Word
- General Office Policies
- AI-related policies across all Microsoft 365 apps
- Best Practices for Managing Office ADMX Updates
- Central Store Management
- Documentation Review
- Security and AI Risk Management
Are You Missing Out on Critical AI & Security Settings in the Latest Office ADMX Update?
Microsoft’s recent update to the Office administrative templates (ADMX) introduces an impressive suite of 50 new settings, with a strong emphasis on controlling and securing built-in AI features. This update is essential for IT administrators aiming to maintain robust governance and compliance within their organizations.
Key Highlights of the Update
- AI-Focused PoliciesThe majority of new settings are designed to manage AI-powered features, especially those related to content moderation and safety.
- Enhanced Security Controls: Several new security-related policies target individual Office applications, but most are exclusive to Microsoft 365 Apps.
- Versioning Quirk: Microsoft continues to use the internal version number 16.0 for all Office app releases, meaning even the latest versions store registry settings under this key.
- Group Policy Limitations: Office 365 Business apps cannot be centrally managed via Group Policy, restricting centralized administration for these environments.
Unclear Target Versions: Documentation Gaps
Ambiguous Applicability
The updated ADMX templates are intended for both Microsoft 365 (subscription) and Office LTSC (perpetual license) editions.
Missing Compatibility Details
Unlike the Office 2024 update, where compatibility was embedded in the help text, the latest templates lack clear references, leaving Office 2021 and 2024 users uncertain about the effectiveness of new policies.
Security Policies: Mostly for Microsoft 365
M365-Centric
New security settings in the office16.admx file consistently reference Microsoft 365 Apps, implying limited or no support for LTSC versions.
Rare Perpetual Support
Only a single new policy, designed for Excel, appears to target non-subscription (perpetual) editions.
AI Governance: Content Moderation and Safety
Copilot-Driven Policies
The bulk of AI-related policies are presumed exclusive to Microsoft 365 subscriptions, as these are the only versions with Copilot AI integration.
Content Moderation Controls
Administrators can set tolerance levels (0–7) for hate speech, violence, and explicit content, using the same classification system as Azure AI Content Safety.
Bidirectional Filtering
The filters block both the input and output of harmful content. For example, if a user attempts to summarize text containing hate speech, the AI will refuse to generate a response if the policy is enabled.
Legacy AI Restrictions Remain
Previous restrictions on user training of AI models are retained in the latest release.
Notable Policy Changes by Application
Excel
Unicode Surrogate Support: Enables Compatibility Version 2 for better handling of certain functions in non-subscription Excel 2021 and 2024.
Outlook
Policy Removal: The requirement for the primary account to match the signed-in Windows account has been removed. Retain older templates if you still need this setting.
PowerPoint
- Disable Automatic Slide Advancement: Disables the “Use Timings” feature for all presentations when enabled.
- OLE Active Content Control: Manages prompts and activation for embedded OLE content.
Publisher
Disable Publisher: Prevents users from launching Microsoft Publisher.
Word
Show Agreements Ribbon: Controls visibility and access to contract management features.
General Office Policies
- Block Insecure Protocols: Prevents opening non-HTTPS links in Microsoft 365 Apps.
- Block OLE Graph and OrgChart: Disables specific add-ins and features, displaying static images instead of live charts.
- Restrict FPRPC Fallback: Manages fallback behavior for certain protocols.
- Restrict Known Folder Move (KFM) Prompts: Controls user notifications about moving folders.
Allowed severity of hate content in general for the computer.
Allowed severity of hate content in general for the user.
Allowed severity of hate content to and from the Alternative Text scenario for the computer.
Allowed severity of hate content to and from the Alternative Text scenario for the user.
Allowed severity of hate content to and from the Image Question and Answering scenario for the computer.
Allowed severity of hate content to and from the Image Question and Answering scenario for the user.
Allowed severity of hate content to and from the Prompt Assistance scenario for the computer.
Allowed severity of hate content to and from the Prompt Assistance scenario for the user.
Allowed severity of hate content to and from the Rewrite scenario for the computer.
Allowed severity of hate content to and from the Rewrite scenario for the user.
Allowed severity of hate content to and from the Summarization scenario for the computer.
Allowed severity of hate content to and from the Summarization scenario for the user.
Allowed severity of hate content to and from the Summarization with References scenario for the computer.
Allowed severity of hate content to and from the Summarization with References scenario for the user.
Allowed severity of hate content to and from the Text to Table scenario for the computer.
Allowed severity of hate content to and from the Text to Table scenario for the user.
Allowed severity of self-harm content in general for the computer.
Allowed severity of self-harm content in general for the user.
Allowed severity of self-harm content to and from the Alternative Text scenario for the computer.
Allowed severity of self-harm content to and from the Alternative Text scenario for the user.
Allowed severity of self-harm content to and from the Image Question and Answering scenario for the computer.
Allowed severity of self-harm content to and from the Image Question and Answering scenario for the user.
Allowed severity of self-harm content to and from the Prompt Assistance scenario for the computer.
Allowed severity of self-harm content to and from the Prompt Assistance scenario for the user.
Allowed severity of self-harm content to and from the Rewrite scenario for the computer.
Allowed severity of self-harm content to and from the Rewrite scenario for the user.
Allowed severity of self-harm content to and from the Summarization scenario for the computer.
Allowed severity of self-harm content to and from the Summarization scenario for the user.
Allowed severity of self-harm content to and from the Summarization with References scenario for the computer.
Allowed severity of self-harm content to and from the Summarization with References scenario for the user.
Allowed severity of self-harm content to and from the Text to Table scenario for the computer.
Allowed severity of self-harm content to and from the Text to Table scenario for the user.
Allowed severity of sexual content in general for the computer.
Allowed severity of sexual content in general for the user.
Allowed severity of sexual content to and from the Alternative Text scenario for the computer.
Allowed severity of sexual content to and from the Alternative Text scenario for the user.
Allowed severity of sexual content to and from the Image Question and Answering scenario for the computer.
Allowed severity of sexual content to and from the Image Question and Answering scenario for the user.
Allowed severity of sexual content to and from the Prompt Assistance scenario for the computer.
Allowed severity of sexual content to and from the Prompt Assistance scenario for the user.
Allowed severity of sexual content to and from the Rewrite scenario for the computer.
Allowed severity of sexual content to and from the Rewrite scenario for the user.
Allowed severity of sexual content to and from the Summarization scenario for the computer.
Allowed severity of sexual content to and from the Summarization scenario for the user.
Allowed severity of sexual content to and from the Summarization with References scenario for the computer.
Allowed severity of sexual content to and from the Summarization with References scenario for the user.
Allowed severity of sexual content to and from the Text to Table scenario for the computer.
Allowed severity of sexual content to and from the Text to Table scenario for the user.
Allowed severity of violent content in general for the computer.
Allowed severity of violent content in general for the user.
Allowed severity of violent content to and from the Alternative Text scenario for the computer.
Allowed severity of violent content to and from the Alternative Text scenario for the user.
Allowed severity of violent content to and from the Image Question and Answering scenario for the computer.
Allowed severity of violent content to and from the Image Question and Answering scenario for the user.
Allowed severity of violent content to and from the Prompt Assistance scenario for the computer.
Allowed severity of violent content to and from the Prompt Assistance scenario for the user.
Allowed severity of violent content to and from the Rewrite scenario for the user.
Allowed severity of violent content to and from the Rewrite scenario for the user.
Allowed severity of violent content to and from the Summarization scenario for the computer.
Allowed severity of violent content to and from the Summarization scenario for the user.
Allowed severity of violent content to and from the Summarization with References scenario for the computer.
Allowed severity of violent content to and from the Summarization with References scenario for the user.
Allowed severity of violent content to and from the Text to Table scenario for the computer.
Allowed severity of violent content to and from the Text to Table scenario for the user.
Disable local content safety in general for the computer.
Disable local content safety in general for the user.
Disable local content safety to and from the Alternative Text scenario for the computer.
Disable local content safety to and from the Alternative Text scenario for the user.
Disable local content safety to and from the Image Question and Answering scenario for the computer.
Disable local content safety to and from the Image Question and Answering scenario for the user.
Disable local content safety to and from the Prompt Assistance scenario for the computer.
Disable local content safety to and from the Prompt Assistance scenario for the user.
Disable local content safety to and from the Rewrite scenario for the computer.
Disable local content safety to and from the Rewrite scenario for the user.
Disable local content safety to and from the Summarization scenario for the computer.
Disable local content safety to and from the Summarization scenario for the user.
Disable local content safety to and from the Summarization with References scenario for the computer.
Disable local content safety to and from the Summarization with References scenario for the user.
Disable local content safety to and from the Text to Table scenario for the computer.
Disable local content safety to and from the Text to Table scenario for the user.
Best Practices for Managing Office ADMX Updates
Central Store Management
Always import new ADMX files into a dedicated folder, merge non-OS templates, and carefully rename folders to maintain version control.
Documentation Review
Due to inconsistent documentation, test new policies in a controlled environment before broad deployment.
Security and AI Risk Management
Regularly review AI-related settings to ensure compliance with organizational and regulatory requirements, especially regarding data privacy and content moderation.
Failure to correctly implement and understand these new policies could leave your organization exposed to security risks or non-compliance, especially as AI features become more deeply integrated into productivity software. Proactive policy management ensures you leverage the full power of Office’s AI features while maintaining control and security.
Stay ahead by thoroughly reviewing and testing the latest Office ADMX updates. Prioritize AI governance and security settings to protect your users and data, and be vigilant about documentation gaps that could impact your policy effectiveness.