Microsoft Office Will Now Block VBA Macros by Default

Microsoft is making its Office apps more secure by blocking Visual Basic for Applications (VBA) macros obtained from the Internet by default. Office users will no longer be able to enable these macros with the click of a button, and the apps will soon display a message bar with a security warning and a support page instead.

To enable these macros, Office users will need to save the file on a local hard drive, network drive, or cloud storage service like OneDrive, and then unblock the file manually. Microsoft already has a support page with detailed instructions on how to proceed, and this same page will be available in the message bar that will show up when Office users open files with VBA macros coming from the Internet.
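Windows records a downloaded file's origin in an NTFS alternate data stream named Zone.Identifier, and unblocking a file removes that stream. As an added example (not from the article or from Microsoft), this PowerShell function lists macro-capable Office files under a folder together with the zone each one carries; the function name, the extension list and the treatment of ZoneId 3 and 4 as "from the Internet" are assumptions.

```powershell
# Added example: audit macro-capable Office files for an Internet-zone mark.
function Get-MacroFileOrigin {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path   # folder to audit
    )

    # Macro-capable formats for the apps named in the article
    # (assumed list, not exhaustive).
    $extensions = '.doc', '.docm', '.dotm', '.xls', '.xlsm', '.xlsb', '.xltm', '.xlam',
                  '.ppt', '.pptm', '.potm', '.ppsm', '.ppam', '.vsdm', '.accdb', '.mdb'
    $zoneNames  = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            # Files created locally, or already unblocked, have no such stream.
            $ads = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            $zoneId  = $null
            $hostUrl = $null
            foreach ($line in $ads) {
                if ($line -match '^ZoneId=(\d+)')  { $zoneId  = [int]$Matches[1] }
                if ($line -match '^HostUrl=(.+)$') { $hostUrl = $Matches[1] }
            }
            [pscustomobject]@{
                File           = $_.FullName
                Zone           = if ($null -eq $zoneId) { 'None' } else { $zoneNames[$zoneId] }
                HostUrl        = $hostUrl   # present only when the downloader recorded it
                # Assumption: ZoneId 3 (Internet) and 4 (Restricted) count as "from the Internet".
                InternetMarked = ($zoneId -ge 3)
            }
        }
}

# Show only the files that still carry the mark in the current user's Downloads folder.
Get-MacroFileOrigin -Path (Join-Path $env:USERPROFILE 'Downloads') |
    Where-Object InternetMarked |
    Format-Table -AutoSize
```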


Office message bar with security warning about blocked VBA macros

This new default behavior regarding Office macros will apply to Word, Excel, PowerPoint, Visio, and Access. As macros obtained from the Internet have been a notorious source of malware, Microsoft believes that this change should better protect consumers and enterprise customers using Office.

“For years Microsoft Office has shipped powerful automation capabilities called active content, the most common kind are macros. While we provided a notification bar to warn users about these macros, users could still decide to enable the macros by clicking a button. Bad actors send macros in Office files to end-users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access,” explained Microsoft’s Kellie Eickmeyer.

Microsoft plans to start blocking VBA macros obtained from the Internet in Office by default in early April 2022, and the new default behavior will roll out first to Microsoft 365 subscribers in the Current Channel (Preview). The change will also make its way to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013, though Microsoft has yet to share an ETA.


Conversation 20 comments

  • jordan_meyer

    Premium Member
    08 February, 2022 - 8:50 am

    Nice write up. Congrats on the new job.

    Couple of typos:

    2nd pp is missing the bolded ‘d’

    "To enable these macros, Office users will need to save the file on a local hard **d**rive, network drive…"

    3rd pp has office **vision** instead of **visio**

  • red.radar

    Premium Member
    08 February, 2022 - 9:15 am

    This looks like it will be disruptive. The number of macro-enabled files shared within a corporate intranet is rather large.

    That being said, I understand why they want to change. The next step is to sign these macro-enabled files with a certificate to allow the macro to run. This way a colleague who shares a file with me from the same Corporate licensed M365 account can automatically know it is safe. But any external file with a different certificate or signature or lack thereof gets automatically blocked.

    It is as if the Office document container needs to support default encryption and signature signing. That would solve this problem but maintain the functionality.

    • fishnet37222

      Premium Member
      08 February, 2022 - 9:51 am

      This will only show up on those files downloaded from the internet.

      • alissa914

        08 February, 2022 - 10:24 am

        Somehow, I bet "mark of the web" will extend to network drives and to add new folder locations will require people to research where the setting is … kind of like how it is currently.

        I get why they’re doing it, but "mark of the web" was always something that plagued me running on a VM hitting my main PC drive

      • red.radar

        Premium Member
        08 February, 2022 - 12:47 pm

        I know that is what the Press release says, but practically every time I download a file off my intranet, or open it from a trusted internal sender in email. I see the same this has macros and is from internet warning.

        It makes me question if they have the capability to distinguish External vs Internal network distribution. They may be assuming that people are using OneDrive and Teams. Which is not always valid. Lots of stuff gets distributed as copies via Email or hosted on internal websites.

        I still think it's a good change, just saying there will be some disruption and behavior modification required.

        • proftheory

          Premium Member
          09 February, 2022 - 4:35 pm

          One comes from a web address the other from C:\Users\employee1\Downloads.

      • hrlngrv

        Premium Member
        08 February, 2022 - 6:50 pm

        After all, **everyone knows** a file downloaded from the Internet and saved as a local file can’t possibly be dangerous. [Do I need a /s tag?]

        I fail to see the benefit of disabling macros in a file opened from, say, wtf.urs0scr3w3d.ru but not disabling them when the same file is saved locally.

    • spacein_vader

      Premium Member
      08 February, 2022 - 9:58 am

      It’ll only be Web downloaded files and I suspect at a corporate level there’s probably a switch to disable it if need be.

    • igor engelen

      08 February, 2022 - 11:14 am

      It seems admins can still specify trusted locations for which macros are not blocked so seems like an improvement to me.

      • bluvg

        08 February, 2022 - 11:53 am

        So… just save the untrusted doc to a trusted location, problem solved. ?

        • hrlngrv

          Premium Member
          08 February, 2022 - 6:56 pm

          +1

          There are times the solution is just obvious.

        • igor engelen

          09 February, 2022 - 1:38 pm

          That’s not how people I support tend to think…

      • wright_is

        Premium Member
        09 February, 2022 - 12:21 am

        Companies should also be signing any of their approved macros.

    • bluvg

      08 February, 2022 - 11:51 am

      Default encryption would make them not AV-scannable, perhaps solving one problem but creating another (assuming you’d still accept files from outside the org). You can default encryption with MIP today, but that is not enabled lightly….

    • lvthunder

      Premium Member
      08 February, 2022 - 3:04 pm

      The next step is to get these macros converted to the JavaScript APIs that are hosted in the cloud instead of in the document.

    • proftheory

      Premium Member
      09 February, 2022 - 4:30 pm

      Even from a corporate address I would still recommend Save, Scan, then Open.

      As I’ve been saying for years "You’re more apt to get a virus from an email of someone you "know" than a stranger." Because people will trust it with a From: address with a familiar name without checking if the email address is correct for that person or it may be requesting personal info and the sender’s computer has been compromised.

  • hrlngrv

    Premium Member
    08 February, 2022 - 6:46 pm

    Semiserious (75% serious/25% tongue-in-cheek) question: have any of the rest of you ever seen any VBA macros in a PowerPoint file? I haven’t. If I ever had, I would have assumed immediately it was malware.

  • hrlngrv

    Premium Member
    08 February, 2022 - 6:54 pm

    Serious question: will Office disable VBA macros in Office documents with **digitally signed** VBA modules when the digital signature is on a user’s (or organization’s) list of approved digital signatures?

  • ekim

    Premium Member
    08 February, 2022 - 7:36 pm

    "will apply to Word, Excel, PowerPoint, Visio, and Access" What about Outlook?

  • midpacific

    09 February, 2022 - 4:19 pm

    Seriously. Please help me here. How is this a new thing? I have never been able to send anyone an Excel file and expect them to be able to run macros. I wrote a neat Wordle macro in Excel VBA and sent it to someone a few weeks ago. Could they run it? No! What is new here?


Thurrott © 2024 Thurrott LLC