Microsoft now restricts XLM macros in Excel by default


Level 83
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
Although many organizations still use Excel 4.0 (XLM) macro for their automation activities, Microsoft has been encouraging the transition to the more secure Visual Basic for Applications (VBA) for quite some time. This is because malicious actors abuse macros to inject malware into enterprise systems frequently, so their continued use facilitates a relatively accessible attack surface. Microsoft tried to tackle this problem to some extent by introducing runtime inspection of XLM macro code in March 2021, and today, it is taking yet another step.

Microsoft has now announced that it will restrict XLM macros by default for customers utilizing Excel. This is something that the company already hinted at back in July 2021, and the change is now rolling out publicly. Be default, the Excel Trust Center option for the use of macros will indicate that the language is disabled.

That said, IT admins organizations obviously still have the ability to modify the default behavior using Group Policy, Cloud policies, and ADMX policies, all of which are described in Microsoft's blog post here.
The new default configuration is now rolling out for the following customers:
  • Current Channel builds 2110 or greater (first released in October)
  • Monthly Enterprise Channel builds 2110 or greater (first released in December)
  • Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (we create this in January 2022, but it first ships in March 2022)
  • Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022)
Last edited: