A customer of ours is having security issues because users are allowed to enable and run Office macros (and are easily tricked into doing so by malware or instructions in spam messages).
Ordinarily, I would just disable macros across their domain using Group Policy. However, this customer opted to purchase retail/small business editions of Office in nearly all cases, and using GP to control non-volume licensed MS Office is not supported.
They have Office 2007, 2010, and 2013 scattered across 75 or so PCs, shared by 150+ users. In other words, touching each PC to do this manually is basically impractical.
Is there some other, centralized/automated way to control macro behavior? How would you suggest we solve this problem?