Title

Roaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service. (Cat II impact)

Discussion

Microsoft Office includes the ability to roam settings for specific Office features amongst devices by storing this data in the cloud. This data includes user activity such as the list of most recently used documents as well as user preferences such as the Office theme. This policy setting controls whether this data is allowed to be stored in the cloud. If this policy setting is enabled, roaming settings are only stored locally and not synchronized to the Microsoft Office roaming settings web service. If this policy setting is disabled or not configured, roaming settings are synchronized with the Microsoft Office roaming settings web service and users can access their data from other devices. Existing data in the cloud is not affected by this policy.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Services >> "Disable Roaming Office User Settings" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\roaming If the value 'roamingsettingsdisabled' is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Services >> "Disable Roaming Office User Settings" to "Enabled".

Additional Identifiers

Rule ID: SV-228540r508020_rule

Vulnerability ID: V-228540

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.