Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Restricts Excel 4.0 Macros by Default to Protect Users from Malware

Microsoft unveiled its plans to disable Excel 4.0 XLM macros by default back in October 2021. The company has now announced that this application policy change is now rolling out to all Microsoft 365 tenants and it aims to protect customers from malicious documents.

For those unfamiliar with Excel 4.0 macros (XLM), this is a record-and-playback feature that was first introduced in Excel version 4.0 back in 1992. It lets enterprise customers create programming code (macros) to help them automate their repetitive tasks. Microsoft has been encouraging organizations to migrate to the secure Visual Basic for Applications (VBA) macros in response to increased XLM-based malware attacks, including Qbot, TrickBot, Zloader, and Dridex.

Microsoft disables Excel 4.0 macros in all tenants

Now, Microsoft plans to reduce the attack surface by actively restricting XLM macros by default for all Excel users. However, IT Administrators will be able to manage this policy setting via Group, Cloud and ADMX policies, and you can find more details in the Microsoft Excel blog post.

“As planned, we have now made this setting the default when opening Excel 4.0 (XLM) macros. This will help our customers protect themselves against related security threats,” the company explained.

Microsoft has also provided a timeline for the rollout of the new default configuration across all tenants:

Current Channel builds 2110 or greater (first released in October)
Monthly Enterprise Channel builds 2110 or greater (first released in December)
Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (we create this in January 2022, but it first ships in March 2022)
Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022)

It is important to note that this new policy applies to all Microsoft 365 subscribers running Excel build 16.0.14427.20000 (or newer). For enhanced security, IT admins can use group policies to completely disable all Excel 4.0 macros in their respective tenants.

In related news, Microsoft is also changing the security policy for Office 365 apps by allowing admins to block Active Content on Trusted Documents. The company plans to roll out this new feature to Microsoft 365 subscribers next month.

by Rabia Noureen
Jan 21, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Nested Microsoft 365 Groups: What You Need to Know

Jul 12, 2023
Microsoft and AI: What Is the Copilot Semantic Index and How Does It Work?

Feb 6, 2024
Mar 21, 2024
How to Grant Full Mailbox Access to Users in Office 365 and Exchange Server

Aug 4, 2023
Aug 08, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.