Dear Microsoft, don’t give up on this please!

I’m guessing that big businesses pushed back on this.

But Microsoft? Don’t give up on making this default.

We need macros to be off by default and let the IT pro/admins turn it on based on their needs. We STILL need help on ransomware. This STILL would be a really good thing.

Don’t give up on this, please, Microsoft. This needs to be the default. We need Office excel files that we receive from the Internet to not infect us. Ensuring that Macros are not enabled in Excel documents that we receive emailed to us will go a long way to keep us safe.

From the Microsoft 365 announcement:

Updated July 07, 2022: Based on feedback, we’re rolling back this change from Current Channel. We appreciate the feedback we’ve received so far, and we’re working to make improvements in this experience. We’ll provide another update when we’re ready to release again to Current Channel. Thank you.

The original post where they planned to block macros in files received from the Internet:

VBA macros are a common way for malicious actors to gain access to deploy malware and ransomware. To help improve security, we are changing the behavior of Office applications to now block macros in files from the internet. Learn more in this blog post.

This change only affects Office on devices running Windows and only affects the following applications: Access, Excel, PowerPoint, Visio, and Word.

Key points:

Microsoft 365 Roadmap ID 88883
Timing: We will communicate a new timeline via Message center.
Action: Review and assess impact
How this will affect your organization:

Previously, it was possible for end users to enable these macros by simply clicking a button on the Trust bar.

Now, with this change, once a user opens an attachment or downloads from the internet an untrusted Office file containing macros, a message bar displays a Security Risk that the file contains VBA macros obtained from the internet with a Learn More button.

VBA Macros Blocked Trust Bar
View image in new tab
The Learn More button goes to an article for end users and information workers that contains information about the security risk of bad actors using macros, safe practices to prevent phishing and malware, and instructions on how to enable these macros (if absolutely needed).

What you need to do to prepare:

Enterprises should evaluate their use of macros in files obtained from the internet to determine how this new default behavior will affect their users.

To learn more about how to get ready for this change and recommendations for managing VBA macros in Office files, read this article for Office admins.