Microsoft 365 Apps, Microsoft 365 Experts
From Microsoft Corporation
Technical Bulletin: MC322553 · Published Feb 7, 2022
VBA macros are a common way for malicious actors to gain access to deploy malware and ransomware. To help improve security, we are changing the behavior of Office applications to now block macros in files from the internet. Learn more in this blog post.
This change only affects Office on devices running Windows and only affects the following applications: Access, Excel, PowerPoint, Visio, and Word.
- Microsoft 365 Roadmap ID 88883
- Timing: The change will begin rolling out in Version 2203, starting with Current Channel (Preview) in early April 2022. Later, the change will be available in the other update channels, such as Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel.
- At a future date to be determined, we also plan to make this change to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013.
- Action: Review and assess impact
How this will affect your organization:
Previously, it was possible for end users to enable these macros by simply clicking a button on the Trust bar.
Now, with this change, once a user opens an attachment or downloads from the internet an untrusted Office file containing macros, a message bar displays a Security Risk that the file contains VBA macros obtained from the internet with a Learn More button.
The Learn More button goes to an article for end users and information workers that contains information about the security risk of bad actors using macros, safe practices to prevent phishing and malware, and instructions on how to enable these macros (if absolutely needed).
What you need to do to prepare:
Enterprises should evaluate their use of macros in files obtained from the internet to determine how this new default behavior will affect their users.