From Microsoft Corporation
MC231204 · Published Dec 22, 2020
Action required by Jan 31, 2021
From QuixTec, LLC, about Microsoft Technical Bulletins: The information contained in these technical bulletins is provided ‘unaltered’ from the Microsoft 365 Message center.
Antimalware Scan Interface (AMSI) integration with Office is expanding to include runtime inspection of Excel 4.0 (XLM) macros, an addition to existing support for Visual Basic for Applications (VBA). The existing default behavior for runtime inspection of VBA macros will also apply to XLM macros, providing an additional layer of security for users with Excel for Desktop on Windows.
- Timing: Monthly Enterprise Channel, February 2021
- Roll-out: tenant level
- Control type: admin control
- Action: review and assess by January 31, 2021
How this will affect your organization
AMSI is an open interface available on Windows 10 for applications to request, at runtime, a synchronous scan of a memory buffer by an installed antivirus or security solution.
When AMSI detects malicious activity, Excel first notifies the user and then terminates the application session. This intervention can stop an attack in its tracks.
In its default configuration, AMSI scans macros at runtime except in these scenarios:
- Documents opened from trusted locations
- Documents opened while macro security settings are set to “Enable All Macros”
- Documents that are trusted documents
When this feature is enabled, the runtime performance of affected macros may be reduced.
What you need to do to prepare
AMSI integration is on by default in the Monthly Enterprise Channel for Excel and other Office 365 client applications.
The group policy setting Macro Runtime Scan Scope specifies which documents the VBA and XLM Runtime Scan will inspect.
- Configure the Macro Runtime Scan Scope policy by January 31, 2021 if you wish to deviate from the default settings.
- If you choose to change the setting or disable scanning, that policy setting will affect both VBA and XLM macros.
Learn more:
- Designate trusted locations for files in Office 2016
- How the Antimalware Scan Interface (AMSI) helps you defend against malware
- Office VBA + AMSI: Parting the veil on malicious macros
- Working with Excel 4.0 macros
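One way to audit the Macro Runtime Scan Scope policy described above on a workstation, as an added example that is not part of the Microsoft bulletin. It assumes the policy is stored as the DWORD `MacroRuntimeScanScope` under the Office 16.0 per-user policy key, with the values 0, 1 and 2 mapped as shown and 1 as the default; neither the registry path nor the value mapping appears in the bulletin, and the function name is hypothetical.

```powershell
# Added example: report the effective Macro Runtime Scan Scope for the current user.
# Assumption (not stated in the bulletin): the group policy writes the DWORD
# 'MacroRuntimeScanScope' under the Office 16.0 per-user policy key below.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Security'
$valueName = 'MacroRuntimeScanScope'

# Assumed meaning of each policy value. The scope covers VBA and XLM together.
$scopeNames = @{
    0 = 'Disable for all documents'
    1 = 'Enable for low trust documents (default)'
    2 = 'Enable for all documents'
}

function Get-MacroRuntimeScanScope {
    param(
        [string]$Key  = $policyKey,
        [string]$Name = $valueName
    )

    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # No policy value present: Office falls back to its default scope, which
        # skips trusted locations, trusted documents and "Enable All Macros".
        return [pscustomobject]@{ Configured = $false; Value = 1; Meaning = $scopeNames[1] }
    }

    $value   = [int]$item.$Name
    $meaning = if ($scopeNames.ContainsKey($value)) { $scopeNames[$value] } else { 'Unrecognized value' }
    [pscustomobject]@{ Configured = $true; Value = $value; Meaning = $meaning }
}

$result = Get-MacroRuntimeScanScope
$result | Format-List

if ($result.Value -eq 0) {
    # Disabling the scope removes AMSI runtime inspection for both macro types.
    Write-Warning 'Macro runtime scanning is disabled for VBA and XLM macros.'
}
```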