XLM macros are now restricted by default for Microsoft Excel.

It’s safe to say that many people as well as organizations still use the Excel 4.0 macro (XLM) for their automation activities.

This is happening even though Microsoft has been encouraging the move to the more secure Visual Basic for Applications (VBA) for some time now.

Such measures had to be taken because attackers abuse macros to frequently inject malware into corporate systems, so their continued use contributes to a relatively accessible attack window.

Security threats caused XLM macro restrictions in Excel

The Redmond-based tech giant tried to address this issue to some extent by implementing XLM macro code validation at runtime back in March 2021.

Now Microsoft has announced that it will be restricting XLM macros by default for customers using Excel after hinting at it back in July 2021, and the change is now being released publicly.

By default, the Excel Trust Center setting to use macros will indicate that the language is disabled.

Obviously, IT administrators and organizations can still change the default behavior through group policy, cloud policies, and ADMX policies.

  • Cloud policies  can be deployed using  the Office Cloud Policy Service  for Policies in HKCU. Cloud policies apply to the user on any device that accesses files in Office apps with their AAD account.
  • ADMX policies  can be deployed using  Microsoft Endpoint Manager  (MEM) for both HKCU policies and HKLM policies. These settings are written to the same location as Group Policy, but are managed from the cloud in MEM. There are two methods for creating and deploying policy configurations:  Administrative Templates  or  Settings Catalog .

The new default configuration is currently being rolled out to the following clients:

  • Current Channel build 2110 or higher (first released in October)
  • Monthly Enterprise Channel Build 2110 or higher (first release in December)
  • Semi-Annual Enterprise Channel (Preview) Builds 2201 or later (We’re building this in January 2022, but will first ship in March 2022)
  • Semi-Annual Enterprise Channel build 2201 or later (shipping July 2022)

To avoid confusion, this applies to the September fork version 16.0.14527.20000 and up.

Of course, IT administrators can also completely disable the use of existing and new XLM macros in an organization to improve security.

What do you think of these latest security measures introduced by Microsoft? Share your thoughts with us in the comments section below.