Microsoft unveiled its plans to disable Excel 4.0 XLM macros by default back in October 2021. The company has now announced that this application policy change is rolling out to all Microsoft 365 tenants, with the aim of protecting customers from malicious documents.
For those unfamiliar with Excel 4.0 macros (XLM), this is a record-and-playback feature that was first introduced in Excel version 4.0 back in 1992. It lets enterprise customers create programming code (macros) to automate their repetitive tasks. Microsoft has been encouraging organizations to migrate to the secure Visual Basic for Applications (VBA) macros in response to increased XLM-based malware attacks, including Qbot, TrickBot, Zloader, and Dridex.
Now, Microsoft plans to reduce the attack surface by actively restricting XLM macros by default for all Excel users. However, IT administrators will be able to manage this policy setting via Group, Cloud and ADMX policies; more details are available in the Microsoft Excel blog post.
“As planned, we have now made this setting the default when opening Excel 4.0 (XLM) macros. This will help our customers protect themselves against related security threats,” the company explained.
Microsoft has also provided a timeline for the rollout of the new default configuration across all tenants:
It is important to note that this new policy applies to all Microsoft 365 subscribers running Excel build 16.0.14427.20000 (or newer). For enhanced security, IT admins can use group policies to completely disable all Excel 4.0 macros in their respective tenants.
In related news, Microsoft is also changing the security policy for Office 365 apps by allowing admins to block Active Content on Trusted Documents. The company plans to roll out this new feature to Microsoft 365 subscribers next month.