Microsoft performs an about-face on Office macro security policy -- albeit a temporary one
VBA macros in Microsoft Office are an incredibly common means of delivering malware, and this is precisely why Microsoft made an announcement earlier this year that macros would be blocked by default. But now the company has changed its mind.
The change will not be permanent, however. Microsoft still plans to block macros in documents obtain from the internet -- it's just not quite clear when. The company says that the change of heart is a result of user feedback, and while macros will remain enabled by default for the time being, this will change at some point in the future; it's just not happening as soon as we thought.
- Microsoft makes massive improvements to Windows Subsystem for Android in Windows 11
- Microsoft releases new versions of free Windows 11 virtual machines
- Microsoft releases PowerToys v0.60.0 with great new Windows 11 features
Although Microsoft has not shared any details about the feedback which led to this latest decision, it is important to bear in mind that while VBA macros have the potential to be abuse for malicious purposes, they are also incredibly useful. Many organizations make heavy use of such macros, and having them disabled by default could potentially lead to chaos.
Having to train users how to circumvent the security measure -- and, more importantly, when you know that it is safe to do so -- is a lengthy and costly process for business. This is likely to be the sort of feedback Microsoft has received, although it is unwilling to admit as much.
In an update to a entry in the Microsoft 365 documentation, Microsoft says:
Based on feedback, we're rolling back this change from Current Channel. We appreciate the feedback we've received so far, and we're working to make improvements in this experience. We'll provide another update when we’re ready to release again to Current Channel. Thank you.
It is impossible to say quite when Microsoft will be able to implement the security feature without attracting more negative feedback, but it's clear that the company still intends to introduce it. This could, of course, change again.