You want to require that a manager approves all comments before they become final in a co-authored Word document. Word does not include a built-in approval workflow that routes comments to a specific manager for review. This article explains how to simulate a comment approval process by combining Word’s Track Changes, protected view, and SharePoint or Microsoft 365 permissions.
Key Takeaways: Simulating a Manager Approval Workflow for Comments
- Review > Restrict Editing > Allow only this type of editing in the document > Comments: Locks the document so only comment insertion is allowed, preventing direct edits from co-authors.
- SharePoint or OneDrive permission levels (Contribute vs. Approve): Restricts who can accept or reject comments by assigning the manager a higher permission role.
- Review > Show Markup > Specific People: Lets the manager filter comments by author to review only those from specific co-authors.
How Word Handles Comments and Why There Is No Built-In Approval Workflow
Word co-authoring allows multiple people to insert, reply to, and resolve comments in real time. By default, any co-author with edit permissions can mark a comment as Done or delete it. There is no role-based approval system inside Word that assigns a manager to review comments before they are resolved.
The feature you need is not a single button. It requires combining Word’s document protection with Microsoft 365 or SharePoint permissions. The goal is to let co-authors add comments but restrict who can accept or reject those comments to a designated manager.
The process relies on two layers. First, you lock the document so only comment insertion is allowed. Second, you assign the manager account a permission level that includes the right to remove document protection or to modify tracked changes. This article covers the exact steps for both layers.
Steps to Restrict Co-Authors to Comment-Only Editing
Before you can assign a manager role, you must prevent co-authors from directly resolving comments. Use Word’s Restrict Editing feature to limit editing to comment insertion only.
- Open the document in Word
Make sure the document is saved to OneDrive or SharePoint so co-authoring is enabled. The file must be a .docx format. - Navigate to Review > Restrict Editing
In the Review tab, click Restrict Editing. The Restrict Editing pane opens on the right side of the window. - Enable editing restrictions
Under Editing restrictions, check the box that says Allow only this type of editing in the document. From the dropdown list, select Comments. - Start enforcement
Click Yes, Start Enforcing Protection. A dialog box appears. Type a password that only the manager knows. Confirm the password and click OK. - Save and share the document
Save the document. Now co-authors can insert and reply to comments but cannot resolve them or edit the document body. Only the person with the password can stop protection and resolve comments.
Assigning the Manager Role Through SharePoint or OneDrive Permissions
The password protection in step 4 is stored inside the Word file. To make the workflow manageable, the manager should be the only person who knows the password. You control who gets the password by setting folder or document permissions in SharePoint or OneDrive.
- Open the document location in SharePoint or OneDrive
Go to the folder where the document is stored. Click the three dots next to the file name and select Manage access or Details. - Remove direct edit access for co-authors
In the permissions panel, remove any user who should not have full edit rights. Co-authors need only the Contribute permission level, which allows them to edit the file but not change permissions. - Grant the manager Full Control or Design permission level
Add the manager’s account and assign the Full Control permission level. In SharePoint, Full Control includes the ability to break inheritance and change permissions. This step ensures the manager can always remove the password protection if needed. - Share the document link with co-authors
Use the Share button to send a link with Can Edit permission to co-authors. They will be able to open the document, add comments, but not resolve them because of the password protection.
How the Manager Reviews and Approves Comments
When co-authors finish adding comments, the manager follows this procedure to review and approve each comment.
- Open the protected document
The manager opens the file from SharePoint or OneDrive. Word shows a message that the document is restricted. - Stop protection
Go to Review > Restrict Editing. In the pane, click Stop Protection. Enter the password set earlier. - Review each comment
In the Review tab, click Next Comment to jump through each comment. Read the content and decide whether to accept or reject it. - Resolve approved comments
To approve a comment, click the checkmark icon in the comment balloon or right-click the comment and select Mark as Done. The comment is hidden but not deleted. To reject a comment, click the X icon or right-click and select Delete Comment. - Reapply protection after review
After resolving all comments, go back to Review > Restrict Editing and reapply the same password protection. This step prevents co-authors from making further changes without approval.
Common Issues When Using Comment-Only Protection in a Co-Author Workflow
Co-authors cannot add comments because the document is locked
If co-authors see a message that the document is read-only, the Restrict Editing setting was applied incorrectly. Open the document, go to Review > Restrict Editing, and verify that Comments is selected in the dropdown. If the document was protected with a different setting, stop protection and reapply with the Comments option.
The manager password is lost or forgotten
Word does not offer a password recovery tool for document protection. If the password is lost, the only way to remove protection is to use a third-party password recovery tool or to recreate the document from a backup. Store the password in a secure password manager accessible to the manager.
Co-authors can still resolve comments by editing the file in a different app
If a co-author opens the document in Word for the web, the Comments-only restriction may not be enforced. Word for the web respects Track Changes but sometimes ignores Restrict Editing settings. To prevent this, share the document with Can Edit but not Can View permissions. Monitor the document version history to detect unauthorized changes.
Comment-Only Protection vs Full Document Lock: Workflow Differences
| Item | Comment-Only Protection | Full Document Lock (Read-Only) |
|---|---|---|
| Co-authors can insert comments | Yes | No |
| Co-authors can edit body text | No | No |
| Manager can resolve comments | Yes (after removing protection) | N/A |
| Password required | Yes | Yes |
| Workflow suitability | Best for comment approval | Best for final distribution |
Comment-only protection lets co-authors contribute feedback while the manager retains final approval authority. A full document lock stops all input and is better suited for documents that are ready for publication.
You can now set up a comment approval workflow by combining Word’s Restrict Editing feature with SharePoint or OneDrive permissions. The manager holds the password and the Full Control permission level. Co-authors can add comments but cannot resolve them. For a more automated solution, consider using Microsoft Power Automate to create a flow that sends a notification to the manager when new comments are added. This approach removes the need to manually check the document for pending comments.