For legacy formats you must support (e.g., .xls files from a legacy ERP system), set the behavior to Protected View, not Hard Block. For truly dangerous formats (.xla macro sheets, .wbk Word backup files), set the behavior to Hard Block.
The "Save" Block: A Compliance Nightmare
Most admins focus on "Open" blocks. The real policy drama comes from "Save" blocks.
Modern ransomware campaigns specifically target older formats because security tools often scan new .docx files rigorously but ignore a .xls file from 2003.
If you are in IT support, you know the ticket. A senior executive tries to open a 15-year-old budget file. They see: "Microsoft Excel cannot open or save any more documents because there is not enough available memory or disk space." (This error is a lie. The problem isn't memory; it is the File Block Settings.)
In essence, these settings tell Word, Excel, PowerPoint, and Visio: “When you encounter a file saved in [X format], do not let the user open it—or, at the very least, do not let them save to it.”
They allow you to say: "I will never touch a Word 6.0 document again. Please treat it as a potential bomb."
After 90 days of Phase 2, change the policy to "Hard Block Open". Any remaining legacy files become inaccessible. You will get three angry emails, but the migration will be over.
Common Misconceptions
Myth 1: "File Block Settings protect against all zero-day exploits." Reality: No. They protect against exploits in specific parsing libraries for specific old formats. A zero-day in .docx will bypass them completely.
This is the "graceful compromise." It allows the file to open, but inside a sandboxed window where Editing, Saving, Printing, and Macros are disabled.
When Microsoft introduced the Open XML formats (.docx, .xlsx, .pptx) in 2007, they fixed structural security, but billions of legacy files remained in the wild.
In modern Microsoft 365 Apps (Semi-Annual Enterprise Channel), that override is often removed. If you block a file type, it is blocked. The only way to open it is for an admin to change the Trust Center policy or temporarily move the file to a whitelisted location (which is not a real fix).
The Migration Strategy: How to Phase Out Legacy Formats
If you want to finally kill .doc in your organization, do not flip the "Hard Block" switch tomorrow. That is a riot waiting to happen. Use a 3-phase strategy: