What just happened? Microsoft has been planning to block macros in downloaded Office files as a security measure for months, but has kept hitting roadblocks in the process. This week, the company has reiterated its plans, better conveying what it’s doing and what users should do in response.
Starting next week, Microsoft Office will block macros in files downloaded from the internet by default, “reversing a reversal” Microsoft had made just earlier this month. The new policy will be enforced starting July 27 as a security measure, but the company is taking greater pains to explain its decision this week.
Macros are helpful because they can automate some processes in Office applications. However, macros in online files can be vectors for malware and ransomware. Microsoft started blocking them in untrusted files in February, but unblocked them in early June without warning.
A spokesperson said the reversal came due to feedback, leading some to speculate Microsoft caved to users who complained, not knowing why their macros stopped working. This week, the company published documentation announcing the reinstatement of default blocking and extensively clarifying why.
In addition to a detailed explanation of who will be affected (anyone using Word, Access, Excel, PowerPoint, and Visio on Windows), Microsoft includes instructions to prepare for the change and to enable macros only in trusted files.
Users can already activate this security measure by enabling a policy to block macros. Users and businesses can unlock macros in various ways, like changing a file’s properties, designating network locations as trusted, using PowerShell, or removing the “Mark of the Web” from a file. Microsoft explains how to do this for files from the internet, OneDrive files, SharePoint files, and files on local networks.
