We recommend using Visual Studio 2017

Secure Deployment


When you create an Office solution, your development computer is updated automatically to allow the code in your project to run. However, when you deploy your solution, you must provide evidence on which to base a trust decision by signing the solution with a certificate, or using the ClickOnce trust prompt key. For more information, see Granting Trust to Office Solutions.

Applies to: The information in this topic applies to document-level projects and VSTO add-in projects. See Features Available by Office Application and Project Type.

For document-level customizations, if you deploy the document to a network location, you must also add the document's location to the list of trusted locations in the Trust Center of the Office application. For more information about how to set document permissions on end user computers, see Granting Trust to Documents.

Administrators can use the registry to prevent all Office solutions from running on a computer. When an Office solution that has managed code extensions is opened, the Visual Studio Tools for Office runtime checks whether an entry with the name Disabled exists under one of the following registry keys on the computer:

  • HKEY_CURRENT_USER\Software\Microsoft\VSTO

  • HKEY_LOCAL_MACHINE\Software\Microsoft\VSTO

To prevent Office solutions from running code, create a Disabled entry under one or both of these registry keys, and specify one of the following data types and values for Disabled:

  • A REG_SZ or REG_EXPAND_SZ that is set to any string other than "0" (zero).

  • A REG_DWORD that is set to any value other than 0 (zero).

To enable Office solutions to run code, set both of the Disabled entries to 0 (zero), or delete the registry entries.

Deploying an Office Solution
Preparing Computers to Run or Host Office Solutions
Securing Office Solutions