VBA macros are a common and easy way for mal intended hackers to deploy malware and ransomware. To help improve security in Office apps, Microsoft is blocking macros by default in Office application files received from the internet. In this post, you will find the official information about this behavior and how to unlock VBA macros in files received from the internet.
As of the publishing date of this post, this change is already effective for users subscribed to the Office Insiders program and the change will be gradually applied to other versions of Office.
With this change, when users open a file that came from the internet, such as an email attachment, and that file contains macros, the message “Microsoft has blocked macros from running because the source of this file is untrusted” will be displayed:
The “Learn More” button goes to an article that explains the security risk of using macros coming from bad actors, best practices on how to prevent phishing and malware, and how to unlock these macros if trusted and needed. You can find this article in the list below, along with other complementary information about this topic. At the bottom of this post, you can find a video with the steps to enable the macros in a file.
Please note that it is important to pay attention to the risk of macros received from the internet and that your organization may implemented security policies of different levels.
Microsoft’s articles:
Helping users stay safe: Blocking internet macros by default in Office (Feb 07, 2022)
A potentially dangerous macro has been blocked
The article above provides instructions about the risk of opening a file with macros when received from a bad actor, best practices to prevent phishing and malware, and instructions on how to enable the macros when blocked on files received online.
Trusted Locations for Office Files (Mar 29. 2022)
Macros from the internet will be blocked by default in Office (Mar 02, 2020)
In this article you will find information about:
– the versions of Office affected by this change (Windows only)
– the affected applications (Access, Excel, PowerPoint, Visio, and Word)
– the dates when this blockage becomes effective for each Office channel (Office LTSC 2021, Office 2019, Office 2016, and Office 2013 to be affected in the future)
– how Office determines whether to run macros in files from the internet
– how to use policies to manage how Office handles macros
– how to enable the macros in files received online – this information is available in section “Additional information”
The video below demonstrates the user experience to unlock macros from a file when security policies allow it:
