For legacy formats you must support (e.g., .xls files from a legacy ERP system), set the behavior to Protected View, not Hard Block. For truly dangerous formats (.xla macro sheets, .wbk Word backup files), set the behavior to Hard Block.

The "Save" Block: A Compliance Nightmare

Most admins focus on "Open" blocks. The real policy drama comes from "Save" blocks.
Modern ransomware campaigns specifically target older formats because security tools often scan new .docx files rigorously but ignore a .xls file from 2003.

If you are in IT support, you know the ticket. A senior executive tries to open a 15-year-old budget file. They see: "Microsoft Excel cannot open or save any more documents because there is not enough available memory or disk space." (This error is a lie. The problem isn't memory; it is the File Block Settings.)
You can deploy specific GUIDs for each file type. For example, the policy setting for blocking legacy Excel 2.0 spreadsheets is a simple registry key under:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\FileBlock
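To check what a policy has actually written under that key, the following read-only PowerShell audit lists every configured value and decodes it. It is an added example, not code from the original article. Assumptions: the data meanings (0 to 5) and the `OpenInProtectedView` value name for the default-behavior policy are taken from Microsoft's Office ADMX templates, not from this page, and `Get-FileBlockReport` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the Excel File Block policy key.
$FileBlockKey = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security\FileBlock'

# Assumption: per-file-type data meanings as defined in Microsoft's Office ADMX templates.
$TypeAction = @{
    0 = 'Do not block'
    1 = 'Save blocked'
    2 = 'Open/Save blocked, use open policy'
    3 = 'Block'
    4 = 'Open in Protected View'
    5 = 'Allow editing and open in Protected View'
}
# Assumption: OpenInProtectedView is the value behind the default-behavior policy.
$DefaultBehavior = @{
    0 = 'Blocked files are not opened'
    1 = 'Blocked files open in Protected View, editing disabled'
    2 = 'Blocked files open in Protected View, editing allowed'
}

function Get-FileBlockReport {
    param([string]$Path = $FileBlockKey)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "No File Block policy key at $Path; Office defaults apply."
        return
    }
    $key   = Get-Item -LiteralPath $Path
    $names = $key.GetValueNames()
    foreach ($name in $names) {
        $data = $key.GetValue($name)
        $map  = if ($name -eq 'OpenInProtectedView') { $DefaultBehavior } else { $TypeAction }
        $text = if ($data -is [int]) { $map[$data] } else { $null }   # REG_DWORD expected
        [pscustomobject]@{
            Setting = $name
            Data    = $data
            Meaning = if ($text) { $text } else { 'Unrecognized data, review manually' }
        }
    }
    # File types are configured but no default behavior is defined: this is the
    # combination that produces unclear errors and "corrupted file" tickets.
    if ($names.Count -gt 0 -and $names -notcontains 'OpenInProtectedView') {
        Write-Warning 'File types are configured but OpenInProtectedView is not set.'
    }
}

Get-FileBlockReport | Format-Table -AutoSize
```

Run it in the affected user's session, since the key lives under HKEY_CURRENT_USER; the script only reads the registry and changes nothing.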
If you use Group Policy, always set the "Set Default File Block Behavior" policy. This determines whether the user sees an error message, a warning, or a silent failure. The worst thing you can do is block a file type without a clear error message—your helpdesk will drown in "corrupted file" tickets.

The "Open Anyway" Loophole (And Why You Should Close It)

By default, when a file is blocked by these settings, the user gets a message and no option to override. However, older versions of Office (2010/2013) had a checkbox: "Do not show this message again and allow me to open."
This is the "graceful compromise." It allows the file to open, but inside a sandboxed window where Editing, Saving, Printing, and Macros are disabled.
"Blocking save prevents users from creating dangerous files." Reality: It prevents them from creating legacy files. They can still create a dangerous .docm (macro-enabled document) unless you block that separately in Macro Settings.

Final Verdict: Should You Tweak These Settings?

For the home user: Leave them at their default (Microsoft's out-of-box settings). The defaults block only the truly ancient and dangerous formats (Excel 4.0, Word 2.0, etc.). Do not unblock them unless you absolutely trust the source.
| File Type | Extension | Risk Level | Recommended Action |
| :--- | :--- | :--- | :--- |
| | .xlm | Critical | Hard Block (Open & Save) |
| Word 2 / Word 6.0 | .doc (pre-97) | High | Hard Block |
| Excel 95 Workbooks | .xls (pre-97) | High | Hard Block |
| PowerPoint 95 | .ppt (pre-97) | Medium | Protected View |
| Web Pages | .htm, .html | Medium | Block Open (they trigger scripts) |

Group Policy: Managing at Scale

The worst way to manage File Block Settings is by walking to each desk. The best way is via Group Policy Administrative Templates (ADMX/ADML).
We often talk about macros, add-ins, and ActiveX controls when discussing Office security. But lurking just a few clicks away in the Trust Center is a feature that is simultaneously one of the most protective and one of the most frustrating in the Microsoft 365 ecosystem: File Block Settings.