Yes, Microsoft Will Still Block VBA Macros by Default

Paul Thurrott
Jul 23, 2022
4

After a strange bit of back-and-forth, Microsoft announced that it will resume blocking VBA macros in Office by default starting July 27.

“We’re resuming the rollout of this change in Current Channel,” Microsoft’s Kellie Eickmeyer explains in a blog post that was originally published in February but updated this past week. “Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

Microsoft had announced in February that it would start blocking VBA macros obtained from the Internet by default in Office, forcing users to jump through a few hoops to run potentially dangerous code. But it appeared to backtrack earlier this month when it revealed that it was rolling back the change, which had been scheduled for June, because of feedback, presumably from corporate customers.

Security experts howled, explaining that VBA macros are inherently insecure.

“Sad decision,” Google Threat Analysis Group leader Shane Huntley tweeted. “Blocking Office macros would do infinitely more to actually defend against real threats than all the threat intel blog posts. I always see our main mission in threat intelligence is to drive the changes to protect people.”

But Microsoft never intended to not block the macros: it had rolled back the change to make “some additional changes to enhance usability,” and it said at that time that it was just a temporary thing. “We are fully committed to making the default change for all users.”

And now it has. Users interested in learning about the experience they’ll see when they try to run Internet-obtained VBA macros can refer to the Microsoft Support website. And Microsoft has a separate resource for IT pros as well.

Tagged with

Security

Please check our Community Guidelines before commenting

Conversation 4 comments

truerock2

23 July, 2022 - 3:49 pm

There are dozens of confusing warning messages that pop up for the Windows 10 users at our office. Nobody knows what they mean, and they have to have a notebook that they refer to for various processes, so they know when to ignore the warnings. I understand what Microsoft is trying to accomplish – it’s just that Microsoft is disorganized about how they worn users about things. The warning messages pop-up in all kinds of different dialog-boxes, banners, etc. Regardless, when we turn off security in various things in Microsoft Office to help users, Microsoft doesn’t provide a way to do it at the vba macro or document level. You can only turn it off for the entire Microsoft application or for all of Office or for all of Windows. The user has to refer to her notes as to whether the warning message is normal and needs to be ignored within a specific application or process.

Log in to Reply

hrlngrv
Premium Member
23 July, 2022 - 8:21 pm

| Microsoft doesn’t provide a way to do it at the vba macro or document level Yes it does. You can sign macros for in-house models which need to run VBA code. That’s workbook-level.

Log in to Reply

Daekar

23 July, 2022 - 5:51 pm

I hope to goodness that there will be some way to sign documents so that they’re trusted if the certificate is in the user’s store. 

Log in to Reply
blue77star

25 July, 2022 - 5:10 pm

In other words they removed a single reason to use Office instead of Libre Office. I dropped this garbage a long time ago in favor of Libre Office.

Log in to Reply

About author

Paul Thurrott

Paul Thurrott is an award-winning technology journalist and blogger with over 25 years of industry experience and the author of 30 books. He is the owner of Thurrott.com and the host of three tech podcasts: Windows Weekly with Leo Laporte and Richard Campbell, Hands-On Windows, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows from 1999 to 2014 and the Major Domo of Thurrott.com while at BWW Media Group from 2015 to 2023. You can reach Paul via email, Twitter or Mastodon.

View Articles

Currently on Forums
Visit the forums
- Questions for 4/26?
  Posted by Brad Sams
  
  3
  comments
- Edge starting to force you to sign in…. (with small workaround)
  Posted by ralfred
  
  1
  comment
- Ads for Onedrive in Word
  Posted by Christian Gaeng
  
  4
  comments
- Distributed computing using Windows machines.
  Posted by Jogy
  
  5
  comments
Podcasts
Podcast Hub
- Windows Weekly 878: If You Build It, You Are Dumb
  
  Aired on April 25, 2024 by Paul Thurrott with 0 Comments
- NEW A.I. Features Unleashed in Microsoft Teams and Edge
  
  Aired on April 25, 2024 by Russell Smith with 0 Comments
- First Ring Daily 1590: In the Arms of an Ad
  
  Aired on April 25, 2024 by Brad Sams with 0 Comments
- First Ring Daily 1589: iPady
  
  Aired on April 24, 2024 by Brad Sams with 1 Comment
Join the crowd where the love of tech is real - become a Thurrott Premium Member today!

Explore Premium Benefits

Yes, Microsoft Will Still Block VBA Macros by Default

Windows Intelligence In Your Inbox

Tagged with

Share post

Conversation 4 comments

Questions for 4/26?

Edge starting to force you to sign in…. (with small workaround)

Ads for Onedrive in Word

Distributed computing using Windows machines.

Windows Weekly 878: If You Build It, You Are Dumb

NEW A.I. Features Unleashed in Microsoft Teams and Edge

First Ring Daily 1590: In the Arms of an Ad

First Ring Daily 1589: iPady

Windows Intelligence In Your Inbox

Sections

About Thurrott

Contact

Our Other Sites

Subscribe