Microsoft Reverses Office Macro Blocking Decision -- Redmondmag.com

Microsoft Reverses Office Macro Blocking Decision

By Chris Paoli
07/08/2022

Microsoft has quietly reversed an earlier decision to block Internet macros by default in Office.

The company initially announced in February that Office would automatically block macros with the "mark of the Web" (MOTW) to combat the rise in attackers using e-mail attachments with embedded malicious macros. Previously, Office would process MOTW macros as external links and automatically navigate users to the Web-based location.

Starting with the April rollout of Version 2203, Office automatically blocked the potentially harmful links when clicked by users and displayed a security risk warning.

Microsoft unceremoniously announced the course correction on Friday with a short update to the original Microsoft 365 blog post from February:

Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users.

Regardless of the default setting, customers can block internet macros through the Group Policy settings described in this article.

Prior to Friday's update, users started to notice the stealth reversal of the Office policy. Commenting on the original February post this week, user "vincehardwick" noted that when trying to demonstrate the new security feature in a video for his organization by clicking on an external macro, "the pinkish-red 'Security Risk... Learn More' notification" did not pop up.

"It feels like something has undone this new default behavior very recently," wrote vincehardwick. "Maybe Microsoft Defender is overruling the block?"

Shortly after vincehardwick's comment was posted on Wednesday, Microsoft representative Angela Robertson responded, saying that the company had, in fact, instigated a rollback on the policy.

While Microsoft has yet to provide any further insight into the recent change, it appeared to be an unpopular policy among a group of users. In a comment posted shortly after the April rollout, user "yrzhl" expressed his disappointment with the policy, saying it made it hard to interact with his own custom macros.

"I made [my custom Excel macro] available offline from my laptop and after the update (Version 2205), I just received this information and the macro document showed me the security risk banner instead of security warning which I can enable macro," yrzhl wrote. "This is very frustrating as I made the macro for my coworkers to update stock document easily."

Microsoft said it will provide more details on the decision in the coming weeks.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

How To Fix Problems with Cached Credentials in Windows 11

While the fix might not be obvious, it should only take a few minutes to get back up and running.
Microsoft Constructing $3.3 Billion AI Datacenter in Wisconsin

Microsoft and the Biden administration announced on Wednesday that the company is investing more than $3 billion in a new AI and cloud datacenter in southeast Wisconsin.
Exchange Server Subscription Edition Coming Next Year

Microsoft provided a brief update on Tuesday of its Exchange Server roadmap, including the news that Exchange Server Subscription Edition (SE) will be arriving in the third quarter of 2025.
Biden Administration Releases Global Cybersecurity Initiative

The U.S. Department of State has released a comprehensive cybersecurity framework aimed at international cooperation when targeting cybercriminals and strengthening defenses.
Microsoft Purview Enhanced with AI Security and Compliance Hooks

Microsoft Purview, the company's data governance solution, is receiving a handful of upgrades to help enterprises securely manage their growing AI-related data.