Earlier this month, Microsoft surprised its customers with a sudden U-turn regarding its plans to block VBA macros in popular Office apps. Shortly afterward, the company clarified that it plans to reinstate the new policy after making "some additional changes to enhance usability." Now Microsoft is once again ready to start blocking Office internet macros by default. The software giant has updated its documentation with clear step-by-step instructions explaining what the end user can do with a blocked macro.
With the new rules in place, users will see a security warning notification when trying to open an Office file with a macro coming from the internet. The message will show a "Learn More" button linked to a support page describing risks related to opening files with VBA macros. Also, the article provides information about enabling macros in case the user trusts the file. You can access the support page via this link.
Microsoft says negative user feedback caused the company to temporarily undo the changes and consider providing better information about such a drastic change in Office applications. The new documentation now provides all the information users and IT admins need to understand how Office determines whether to block or run macros in files from the internet, which Office versions are affected by the new rules, how to allow VBA macros in trusted files, and how to prepare for the change.
Microsoft plans to start blocking VBA macros in Office Access, Excel, PowerPoint, Visio, and Word in the Current Channel from July 27, 2022 (Office version 2206 and newer). The idea behind the decision is to eliminate an attack surface that bad actors exploit to infect systems with malware and ransomware.