Microsoft Office is now by default banning macros

This week, Microsoft began pushing out an upgrade to Microsoft Office that prevents the use of Visual Basic for Applications (VBA) macros in downloaded documents, following some back and forth since the change was first announced.

While testing the new default option last month, Microsoft abruptly halted its implementation “temporarily while we make some more adjustments to increase usability.” Despite Microsoft’s assurances that the change was only temporary, many experts were concerned that the default option would not be changed, leaving computers open to attack. A Google Threat Analysis Group head tweeted, “Blocking Office macros would do far more to really fight against real attacks than all of the threat intel blog postings.” — Shane Huntley

The new default configuration is now being rolled out, but with revised language to inform users and administrators of their alternatives when they try to access a file and it is banned. In other words, this solely affects Windows, which uses the NTFS file system, and it has no effect on Mac, Office on Android / iOS, or Office on the web, which all note the file as having been obtained from the internet.


We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:

• For end users, A potentially dangerous macro has been blocked

• For IT admins, Macros from the internet will be blocked by default in Office

If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.

However, dangerous macros have been misused by hackers for years, deceiving people into downloading a file and running it so they may infiltrate their computers. Group Policy settings in Office 2016 may be used by administrators to prohibit macros across their organization’s computers, according to Microsoft. Hackers were still able to steal data or distribute ransomware since not everyone had activated the system.

You’ll see this page appear up when you try to access a file and are blocked, and it will explain why you don’t need to open that document. It begins by going over a variety of situations in which someone would try to get them to install malware on their computer. In order to access the contents of the downloaded file, if they absolutely need to, the warning banner goes on to describe how to do so, all of which are more involved than the previous method of enabling macros by pushing one button in the warning banner.

If someone does open a dangerous file, they’ll get numerous additional cautions before they get there, but it still allows access for folks who declare they definitely need it.