Group policy object BSI guidelines for the secure configuration of Microsoft Outlook 2016

Ano Nymus 1 Reputation point
2021-06-01T06:49:30.653+00:00

Hello everybody :)

We want to implement the BSI guidelines for the secure configuration of Microsoft Outlook 2016.
Here, however, we encounter the problem described below:

In accordance with the above guidelines, the following group policy user settings at the branch

'Microsoft Outlook 2016/Security/Security Form Settings/Programmatic Security/' are set to "Automatically reject":

  • Configure Outlook object model prompt when responding to meeting and task requests
  • Configure Outlook object model prompt when accessing an address book
  • Configure Outlook object model prompt when reading address information
  • Configure Outlook object model prompt When accessing the Formula property of a UserProperty object
  • Configure Outlook object model prompt when executing Save As
  • Configure Outlook object model prompt when sending mail

However, since we use third-party software that automatically sends e-mails and uses Outlook and the Exchange address book, we configured the relevant DLL with an MD5 hash value to the group policy user settings at the branch

'Microsoft Outlook 2016/Security/Security Form Settings/Programmatic Security/Trusted Add-Ins/'.

Nevertheless, automated e-mails can no longer be sent from the third-party software.
What is wrong with this setting?

Sincerely

Anonymus


3 answers

  1. ChristyZhang-MSFT 20,706 Reputation points Microsoft Vendor
    2021-06-02T04:18:18.977+00:00

    Hi @Ano Nymus ,

    According to my research and search, I found an official document that describes how to manage trusted add-ins in detail: Manage trusted add-ins for Outlook 2010. Please refer to this article to see if it is different from your configuration.

    Meanwhile, I found in the discussion of some posts that if you want to successfully start the security policy, you need to enforce Outlook security settings. If you do not configure these related settings, it is suggested that you refer to the settings of Outlook security mode for configuration to check whether there are differences.

    Considering that I don't know which method you use to get the hash value and the configuration of the DLL, and we are unable to test the same third-party software, if possible, it is suggested that you change the way you get the hash value and configure another trusted add-in to check whether there is any difference.

    Hope the above is helpful to you. Please contact us if you have any questions!



  2. Ano Nymus 1 Reputation point
    2021-06-02T06:55:54.147+00:00

    Good morning dear ChristyZhang-MSFT :)

    Many thanks for your effort and your reply. We use Group Policy objects in an Active Directory environment SchemaVersion 87 with Exchange Schema Version 15333. This Outlook GPO is assigned to an organizational unit within the Active Directory. The GPO is active and enforced and is distributed to all objects within the mentioned OU.

    I checked your mentioned Microsoft document twice, but did not find any difference to my configuration.
    The hash of the DLL can be obtained with the PowerShell utility "Get-FileHash":

    • Get-FileHash
      [-Path] <String[]>
      [[-Algorithm] <String>]
      [<CommonParameters>]

    I used the SHA256 and the MD5 Hash of the DLL as well to check if there is any difference but it doesn't seem so.
    But meanwhile I configured the following settings to "Prompt users based on their computer security"

    • Configure Outlook object model prompt when accessing an address book
    • Configure Outlook object model prompt when reading address information
    • Configure Outlook object model prompt when sending mail

    ...and it seems to work now.

    But I'm still unsure if this is the appropriate setting for this configuration or if I just lowered the security level.

    I guess I need some more research to find a resilient answer.

    But again, many thanks for your help!

    Sincerely
    Anonymus
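
The check discussed in this exchange, as an added example that is not part of the original thread and is not Microsoft's or the software vendor's code: it reads whatever the Trusted Add-Ins policy actually delivered to the logged-on user and compares each entry with the MD5 and SHA256 digests that Get-FileHash reports for the DLL on disk. The registry path used as the default for `$PolicyKey` is an assumption about where this user policy is written; confirm it on a client before relying on it.

```powershell
# Added example. $PolicyKey default is an ASSUMED location for the
# "Trusted Add-Ins" user policy of Outlook 2016; verify it with gpresult/regedit.
param(
    [Parameter(Mandatory)] [string] $DllPath,
    [string] $PolicyKey = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Security\TrustedAddins'
)

if (-not (Test-Path -LiteralPath $DllPath)) {
    throw "DLL not found: $DllPath"
}
if (-not (Test-Path -LiteralPath $PolicyKey)) {
    # No key at all means the GPO setting never reached this user profile.
    throw "Policy key not present for this user: $PolicyKey"
}

# Digests of the file that is really installed on this client.
$digests = foreach ($alg in 'MD5', 'SHA256') {
    Get-FileHash -LiteralPath $DllPath -Algorithm $alg
}

# Each value under the key is treated as <add-in file name> = <hash string>.
$key = Get-Item -LiteralPath $PolicyKey
foreach ($name in $key.GetValueNames()) {
    $configured = ([string]$key.GetValue($name)).Trim()
    # -ieq: hex digests differ only by letter case between tools.
    $hit = $digests | Where-Object { $_.Hash -ieq $configured }
    [pscustomobject]@{
        PolicyEntry = $name
        Configured  = $configured
        MatchesDll  = [bool]$hit
        Algorithm   = if ($hit) { $hit.Algorithm } else { $null }
    }
}
```

A row with `MatchesDll = False` means the digest in the policy does not belong to the file on that client, for example because the DLL was updated after the hash was taken. A match only shows that the policy and the file agree; it does not show which digest format Outlook expects.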


  3. Ano Nymus 1 Reputation point
    2021-06-07T06:59:25.747+00:00

    Hello dear @ChristyZhang-MSFT

    Many thanks for your reply!

    I forwarded your thoughts and the mentioned articles to our developers. They will research and tell me if our add-ins are compliant with the trust and security level.
    I guess that our add-ins fulfill the requirements, but it's always better to look precisely. ;)

    I'll come back when I have more to say about it. Meanwhile, many thanks for your help!

    Sincerely
    Anonymus