M365 Changelog: Excel Trust Center: new option to block Excel 4.0 (XLM) macros

MC244888 – We are introducing a new Excel Trust Center setting to further restrict the usage of Excel 4.0 (XLM) macros. As part of this rollout, a registry key is being retired, and a group setting is being renamed.

Key points

  • Microsoft 365 Roadmap ID 70568
  • Timing:
    • The new macro setting has currently rolled out to Insiders Slow users
    • Update to admin controls and registry key retirement will occur in May 2021 for Insiders Slow tenants
    • The new trust center setting will be available and the updated group policy controls can be used to configure the behavior in June 2021 for Monthly Enterprise Channel
  • Roll-out: user level and tenant level
  • Control type: user control and admin control
  • Action: review and assess by retirement April 30, 2021

How this will affect your organization

XLM macros is a legacy macro language that was made available to Microsoft Excel in 1992, prior to the introduction of Visual Basic for Applications (VBA) in 1993. 

This update enables users to choose only a more secure state by providing more granular controls for macros in Excel, if you have not disabled end-user ability to manipulate macro settings in Excel. 

Updated Group Policy “Macro Notification Settings”

this image has been lost in time

This new setting, Enable XLM macros when VBA macros are enabled, can be activated via a checkbox within Macro Settings in the Trust Center. It is enabled by default; this update has no impact to existing macro settings configurations.

this image has been lost in time

What you need to do to prepare

  • If you have disabled end-user ability to configure any macro settings in Excel, users will also be unable to configure this new setting.
  • If you would like to disable only XLM macro settings tenant-wide, without impacting VBA macro settings:
    • Uncheck the setting, Enable XLM macros when VBA macros are enabled
    • Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center
  • If you would also like to completely block all XLM macros usage (including in new user created files) 
    • Enable Group Policy “Prevent Excel from running XLM macros” which is configurable via Group Policy Editor or registry key
    • Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center
    • Registry Key Path: ComputerHKEY_CURRENT_USERSOFTWAREPoliciesMicrosoftOffice16.0excelsecurity

As part of this update, the following registry key is being retired and will no longer function as of April 30, 2021.

ComputerHKEY_LOCAL_MACHINESOFTWAREMicrosoftOffice16.0ExcelSecurityXLM

Learn more