Forum Discussion
SharePoint/Excel - This content presents a potential security issue. Do you trust this content?
Since this morning several client versions of excel that have a pointing to sharepoint (our tenant) give the following message; does this happen to anyone else?
- Microsoft has updated and applied the fix on 14 Aug 2024, 9:24 am AEST
It would be best if you restarted the client machine; I have done it at our end, and it's working fine for Word and Excel. There is no security warning message now...
Cheers 🙂- Hi, well, little by little it's working out for everybody
Rechecked my opened incident with Microsoft, but they report 'No issue found'. So apparently Microsoft thinks this is not an issue, or atleast they seem to be unable to find something to even consider it an issue.
Going to reverify with my users if the problem still persists...This is one of the biggest botched fiascos from MS that I've seen in a while (and I've seen a few in my day). Three different service advisory numbers, each one closed out claiming the issue was resolved and none of them ever mentioned trusted sites or updating apps. Now, the third advisory is back again in my admin portal finally mentioning that we must update the apps to receive the fix.
SP867513
- I don't understand why so many are unwilling to make the change to Trusted Sites either via Group Policy, Intune, or other management software. Adding sites to Trusted sites (both in Office Trust Center and Internet Options) should be considered best practice for managing security. Sure, it's something like four different URLs you need to add, but it isn't hard and is well documented on how to control this.
And no, I won't respond to the people who think they shouldn't have to manage their security.- Good day CKennedy. People have their reasons. Of course it is easy to setup a trusted site, but the wrongful security message was never an issue for anyone until Microsoft seemingly made it an issue around the end of July (or when this thread was opened). That is why I wasn't too concerned and preferred Microsoft to resolve their issue without having to make a "permanent" implementation for a "temporary" issue. We knew these files were not a security risk since they were from our own SharePoint site(s) using files we created.
Waiting was beneficial for my situation because Microsoft was able to resolve the issue with an update to O365 (at least it seems that way). Any of my users who still experienced the issue after the update (only 1), I simply used GPO to add the trusted site. It really isn't a big deal like you're making it out sound. I do agree that it is good practice for managing security with Trusted Sites, but it isn't the only way to implement good security practices.
I do find it interesting that it only affected a small subset of my users. Almost everyone uses a SharePoint site within their own team, but not everyone had this issue. Very weird nonetheless! - I did add those to the policy, but they did not solve the issue for me...
But I do understand that due to a change made in the backend apparently a policy change is needed and that change requirement (out-of-the-blue) irks people... Moreso since it could have been announced beforehand if that change was properly tested before being implemented.
- IMHO had Ms created a 3rth call number about this:
https://portal.office.com/adminportal/home?#/servicehealth/:/alerts/SP867513Hello @here-Still facing same issue after updating office to latest...
Same here in Vancouver, BC Canada
The problem STILL PERSIST 😞
Strange how some users never had this problem and only affects a few users. Is there something in their profile perhaps?
16 Aug 2024, 05:39 GMT+12
We've completed our internal validations of the configuration changes and redeployed the updated solution. While this did improve service health, user impact isn't completely remediated. We're configuring and validating additional changes that we expect will remediate impact once deployed. We'll provide an updated timeline for the remediation of impact if one becomes available.
Next update by: Saturday, 17 August 2024 at 06:00 GMT+12- BobKeller I get it from here https://admin.microsoft.com/Adminportal/Home#/servicehealth
OD861567 and SP861520
- Based on the urls seen in the security messages by our users we have needed to add a number of different url variations to the trusted sites to be entirely effective. These variations are:
- https://companyname.sharepoint.com
- https://companyname-files.sharepoint.com
- https://companyname-my.sharepoint.com
- https://companyname-myfiles.sharepoint.com
- https://outlook.office.com
With these added none of our users appear to be receiving the security warning any more.- While I already had added https://companyname.sharepoint.com to my policy (and found that not to be working), to make sure I added the remainder too (both as HTTPS and HTTP sites). Hope to hear back from the users if this alleviates the issues, but I concur with micheleariis that apparently a change Microsoft made brought the issue, and thus Microsoft should be able to resolve it without the users changing settings.
- You should not need to worry about including HTTP URLs; no legitimate public website will ever use unsecured connections again, especially not Microsoft.
- Hi, yes thank you; however, I don't want to create policy, by now my users have understood and circumvented the issue; I'm waiting for the final resolution from Microsoft
- Happened to us as well both SharePoint and OneDrive for business. We have to deploy a new GPO to add new SharePoint URL to safe site as a temporary solution
MS Update on OD861567 and SP861520, why they changed the numbers (OD843843 and SP843810) not sure (SLAs or something I'd bet)
> 15 Aug 2024, 05:45 GMT+12
> We're isolated a configuration problem which prevented our previous solution from remediating the impact. We've manually updated the configuration and are conducting updated internal validations before re-deploying the solution. While validations are underway, we're confirming our options for expediting the necessary deployment, and we're planning to provide an updated timeline for the remediation of impact once these internal validations have completed.
> Next update by: Friday, 16 August 2024 at 06:00 GMT+12- Hi, it hasn't been solved yet
- I've had what I believe are related problems. I have a largish spreadsheet with a pivot table. I open the sheet and update the data within and refresh the pivot table.
When I share a link to that in Teams odd things happen. If you open it, using the Teams default of the web app, you get a long pause, then it shows the sheet with last week's data. If you right click the link and choose to open with the desktop app, you get the warning that the file poses a security risk. If you tell it to open anyway, the sheet looks fine with updated data.
