Excel is now a little safer for organizations to use: Microsoft is turning a once-optional setting that disables Excel 4.0 macros into the default.
The move to crack down on macros is in response to the growing trend of threat actors using macros to deploy ransomware and other malware.
To control this setting, administrators can access it in the Trust Center Macro Settings and in the Microsoft 365 applications privacy control.
The Group Policy setting “Macro Notification Settings” for Microsoft Excel can be found in this path and registry key, according to the company:
- Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center.
- Registry Key Path: Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\excel\security
The policy setting can also be managed with cloud policies deployed with the Office cloud policy services for policies in HKCU. Cloud policies apply to a user on any device accessing files in Office apps with their AAD account, the company says.
In addition, ADMX policies can be deployed with Microsoft Endpoint Manager for both HKCU and HKLM policies. The company says those settings are written to the same place as Group Policies but managed from the cloud in Endpoint Manager. Admins can use administrative templates or the settings catalog, Microsoft says.
Admins can take a blanket approach and block all XLM macro usage by enabling the Group Policy “Prevent Excel from running XLM macros” via the Group Policy editor or registry key.
According to Microsoft, XLM is disabled by default in the September fork, version 16.0.14527.20000+:
- Current Channel builds 2110 or greater (first released in October)
- Monthly Enterprise Channel builds 2110 or greater (first released in December)
- Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (we create this in January 2022, but it first ships in March 2022)
- Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022)
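Because the policy key above lives under HKCU, it has to be checked once per user rather than once per machine. The following PowerShell sketch is an added example, not Microsoft's or this article's code: it lists whatever values are set under that key in every loaded user hive and compares a supplied Excel build against the version quoted above. The function names and the sample build number are hypothetical.

```powershell
# Added example: audit the Excel policy key named in the article for every
# user hive currently loaded on this machine. Run from an elevated prompt.
$SubKey   = 'SOFTWARE\Policies\Microsoft\Office\16.0\excel\security'  # path from the article
$MinBuild = [version]'16.0.14527.20000'                               # build from the article

function Test-XlmDefaultOff {
    # True when the supplied Excel build is at or above the article's threshold.
    param([Parameter(Mandatory)][string]$ExcelBuild)
    return ([version]$ExcelBuild -ge $MinBuild)
}

function Get-ExcelSecurityPolicy {
    # HKCU is per user, so walk HKEY_USERS and read the key in each loaded hive.
    # Matches local/domain SIDs (S-1-5-21-...) and AAD account SIDs (S-1-12-1-...);
    # this also skips the *_Classes hives and built-in service accounts.
    $sidPattern = '^S-1-(5-21|12-1)-[\d-]+$'
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match $sidPattern } |
        ForEach-Object {
            $sid = $_.PSChildName
            $key = "Registry::HKEY_USERS\$sid\$SubKey"
            if (-not (Test-Path -Path $key)) {
                # No policy delivered to this user: Excel falls back to its own default.
                [pscustomobject]@{ Sid = $sid; Value = '(key not present)'; Data = $null }
                return
            }
            $item  = Get-Item -Path $key
            $names = $item.GetValueNames()
            if ($names.Count -eq 0) {
                [pscustomobject]@{ Sid = $sid; Value = '(no values set)'; Data = $null }
                return
            }
            foreach ($name in $names) {
                [pscustomobject]@{ Sid = $sid; Value = $name; Data = $item.GetValue($name) }
            }
        }
}

# Report policy values per user, then check a constructed sample build number.
Get-ExcelSecurityPolicy | Format-Table -AutoSize
Test-XlmDefaultOff -ExcelBuild '16.0.14326.20404'
```

Only hives of signed-in users are loaded under HKEY_USERS, so users who are not logged on will not appear in the report.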