Microsoft continues rollout for default disabling of Office VBA macros

[German] is once again moving forward with its plans to disable macros in Office 365 by default. Macros in Office are a gateway for malware such as Dridex, Emotet, Trickbot, Qbot, etc. It's an on-off story that Microsoft has been running there for the last few weeks – but now a rollout is in progress again.


Blocking VBA macros: Yes, No, Yes …

Microsoft had communicated in an announcement of February 8, 2022 that one would like to change for security reasons the behavior of Microsoft Office to block Macros from files, which were loaded from the Internet. This is explained in more detail in the Techcommunity post Helping users stay safe: Blocking internet macros by default in Office. There, in February 2022, it was said:

Roadmap: Blocking VBA-Macros in Office   

We're introducing a default change for five Office apps that run macros:

VBA macros obtained from the internet will now be blocked by default

For macros in files obtained from the internet, users will no longer be able to enable content with a click of a button. A message bar will appear for users notifying them with a button to learn more. The default is more secure and is expected to keep more users safe including home users and information workers in managed organizations.

This change should only affect Office on devices running Windows and only the following applications: Access, Excel, PowerPoint, Visio, and Word. The change was to be rolled out with version 2203 for the aforementioned applications, starting with the Current Channel (Preview) in early April 2022. Later, this change was also planned to be rolled out in the other update channels like the Current Channel, Monthly Enterprise Channel and Semi-Annual Enterprise Channel and they even wanted to roll this out to Office LTSC, Office 2021, Office 2019, Office 2016 and Office 2013. So far so good.

Then as of July 8, 2022, there was news that Microsoft was backing down and suspending the default deactivation of VBA macros in Office. I had reported about this in the blog post Microsoft does not want to block macros in Office by default after all. Microsoft had not explained the reason for this decision, but only referred to "feedback from users". This note was probably bumped up on July 6, 2022 by a user who asked on Techcommunity in the original article if the feature had been rolled back.

Oh, sorry, we didn't mean that

After the above story caused some fuss, the company rowed back. In the blog post Office macro blockade: suspension is only temporary, I had picked up the hint that Microsoft's "suspension of macro deactivation" was only temporary. An excerpt from the addendum in the Techcommunity post said:


This is a temporary change, and we are fully committed to making the default change for all users. We will provide additional details on timeline in the upcoming weeks.

The reason for this second U turn remained in the dark, but it was clear that something would change again at some point.

Now macros will be deactivated again

As of July 20, 2022, Microsoft then added an update in the Techcommunity post announcing the rollout of disabled VBA macros to the Current Channel for Office 365.

We're resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we've made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:

If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.

So we are now where we were a few weeks ago. Let's see how this continues – in any case, now you are informed.  (via)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Office, Security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *