Our anisation seeks to block EXTERNAL VBA macros in spreadsheets.

Is it true that if digital signatures were to be enforced, that all existing VBA spreadsheets, including internal vba spreadsheets would also be signed to continue to work?

In other words, is it an all or nothing security approach?

Or can external macros that have been digitally signed work as well as unsigned internal macros in trusted locations, but all other macros are blocked. To be clear, in this 'mixed' scenario, we would still want unsigned external macros to be blocked.

Does anyone know if this kind of mixed security environment is configurable through standard security settings functionality? Or is it either one or the other uniform security approach

Many thx, JonS