Microsoft Office: Macro execution blocked for security reasons, when accessing Access ACCDB databases via IP address

[German]Recently, a problem was reported to me by Tobias Migge. The problem: Customers or users get "suddenly" the error that macros are blocked for security reasons when accessing backend ACDB databases via IP address, which are located on a server. The whole thing is probably related to the fact that Microsoft has started to block VBA macros for security reasons when files are located on Internet pages. I've rehashed this because there may be others affected.

Macro execution blocked on ACCBD database

It was a short tweet in which German blog reader Tobias Migge pointed me to a problem he had been having with various customers for a few days. There were problems with Access and its access to backend ACCDB databases when he tried to access via an IP address in the URL on a server.

The German text in the tweet above says: As soon as the backend of the ACCDB database located on a server is accessed via IP address (instead of server name or network drive), Access refuses to execute the macro. The user gets the security notice shown in the above tweet with the comment that a potential security risk has been detected. The file path specified by IP address is considered insecure and is blocked. Something rang in the back of my mind about Microsoft blocking macro execution of web pages in Office. The administrator had already tried to enter the IP address as a "trusted location", but that supposedly didn't help.

Macros blocked in local network

There is the Microsoft Answers forum post Office 365 Macros now blocked on local network dated June 14, 2022 where someone pointed out that Excel macros (MS 365 for Business) have not been working for them on our local server for a week. The Trust Center settings for location and allowing macros have no effect, according to the poster. In the recent case from the Microsoft Answers forum, the problem was solved by mapping the server with the URL \\fileserver\servername instead of the server IP and then adding it as a trusted location via the Trust Center. However, was not a solution for the customers from the above access case.

Microsoft's Macro Blocking attempts

I had pointed out this issue and Microsoft's plans to block certain Office macros in July 2022 in the post Microsoft continues rollout for default disabling of Office VBA macros. Microsoft had started at that time to block macros again if the files originate from the Internet. The whole thing was an on-off story – because the blocking had been rolled out in stages earlier, then was suspended due to problems – as in the MS Answers case above (see the blog post Microsoft does not want to block macros in Office by default after all) and was to be resumed (see the blog post Office macro blockade: suspension is only temporary).

Solution: Define trusted locations

The solution is for administrators to define the locations for their own files (i.e. the backend on the server, for example) as trusted locations. Tobias Migge then found the support article Macros from the internet will be blocked by default in Office dated August 3, 2022. In this support document Microsoft explains that they changed the default behavior of Office applications to block macros in files from the Internet for security reasons. The background is that VBA macros are a common way for malicious actors to gain access to deploy malware and ransomware. If the user opens a file that originates from the Internet, such as an email attachment, macro execution is blocked after Microsoft makes the change in Office. If the file contains macros, the following message is displayed:

Microsoft has blocked the execution of macros because the source of this file is not trusted.

However, this is exactly the error message from the above Access macro problem case. In the support document Microsoft describes how administrators can prepare for this case. And it also describes how to unblock VBA macros for trusted files. For the above Access scenario with a backend database on a server, a trusted location must be specified.

Tobias tried this in the Internet Properties of the Windows client and simply added the server with its IP address to the Trusted Sites list (see screenshot in above tweet). After that the Access macros could be executed again, even if the ACCDB files were on a server addressed by IP address. Maybe it helps those affected.