Word showing documents in azure files as from the internet

Nick Sutton 156 Reputation points
2022-03-09T11:35:52.21+00:00

I have an Azure Files share that is accessed by an AVD host pool via a private connector. The share is mapped to a drive letter via GPO. When I open word and excel files that exist in the share I get the warning that this file is from the internet and could be unsafe.

Is there a way to prevent this? I don't want to set the drive as a trusted source because that will then bypass my macro rules to only run signed macros.

Thanks

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,872 questions
Office Management
Office Management
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Management: The act or process of organizing, handling, directing or controlling something.
2,028 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Nick Sutton 156 Reputation points
    2022-03-21T16:11:23.687+00:00

    For anyone else with this problem I've managed to solve it.

    You will need a domain joined file server upon which you need to install the feature DFS Namespaces (under File and storage services, File and iSCSI services)
    Then you will need to modify the registry to enable the feature you need. Here is some PS to add the required keys.

    New-Item `
        -Type Registry `
        HKLM:SYSTEM\CurrentControlSet\Services\Dfs 
    New-Item `
        -Type Registry `
        HKLM:SYSTEM\CurrentControlSet\Services\Dfs\Parameters 
    New-Item `
        -Type Registry `
        HKLM:SYSTEM\CurrentControlSet\Services\Dfs\Parameters\Replicated 
    New-ItemProperty `
        HKLM:SYSTEM\CurrentControlSet\Services\Dfs\Parameters\Replicated `
        ServerConsolidationRetry -Value 1
    

    Then, using the DFS Management snapin in MMC you add a new namespace.

    For the server you enter the name of the server on which DFS installed.

    For the namespace name can either add the name of the server running DFS or, if you have an on-prem file server you're looking to replace, the name of that (as long as the actual file server is off and you've pointed an A record at this server with the old file servers name in your DNS server) but you must prepend a # to the name, so for example #SRVFILE01

    This only works with standalone namespace, so select that, then click create. Once the namespace has been created you can add a new folder. The name will be the share the user sees, then under folder targets, add the path to your Azure file share.

    Once this has all been done, users can browse to the file share at the server name you entered with the prepended # and Microsoft Office will not complain about it being an internet location.

    1 person found this answer helpful.

  2. Emily Hua-MSFT 27,551 Reputation points
    2022-03-11T09:31:13.943+00:00

    Hi @Nick Sutton

    Files from the Internet and from other potentially unsafe locations that may contain viruses, worms, or other kinds of malware that can harm your computer. For some security reasons, that protect your computer, files from these potentially unsafe locations are opened as read only or in Protected View, then you will find the message warning that this file is from the internet and could be unsafe.

    This behavior is by design, for more information, you can refer to "What is Protected View?". To eidt this file, you can click Enable Editing on the Message Bar.

    If conditions permit, you can try to disable Protected View for files originating from the Internet in Trust Center Settings as the file's source and content are trusted by you.

    Thanks for your understanding.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.