Restrict usage of Excel 4.0 (XLM) macros with new macro settings control

Published Jul 22 2021 12:26 PM 2,479 Views
Microsoft

A new Excel Trust Center settings option to further restrict the usage of Excel 4.0 (XLM) macros is now generally available. Building on the recent release of AMSI integration for XLM macros, this setting enables Microsoft 365 customers to further protect themselves against the latest threats. Found in the Trust Center Macro Settings, this new checkbox setting, “Enable Excel 4.0 macros when VBA macros are enabled”, allows users to individually configure the behavior of XLM macros without impacting VBA macros. 

 

We invite all users to configure this new setting by following the 'Configuration Details' below. For most users, we recommend unchecking the setting to disable XLM macros.

 

Configuration Details

The Excel Trust Center settings can be accessed through the following steps:

  • File > Options > Trust Center > Trust Center Settings > Macro Settings

When the checkbox is selected, the above settings configured for VBA macros will also apply to XLM macros. To disable XLM macros without a notification, deselect the checkbox setting (recommended) – this configuration opts for a more secure behavior. There is no impact to any default or previous macro settings configurations with this release; however, users should be aware that a change in default XLM macro behavior is coming soon (see more details in ‘Availability’ below).

 

Customers can now independently disable XLM macros in the Trust Center Macro Settings by unchecking the setting "Enable Excel 4.0 macros when VBA macros are enabled."Customers can now independently disable XLM macros in the Trust Center Macro Settings by unchecking the setting "Enable Excel 4.0 macros when VBA macros are enabled."

Availability

This setting is currently available in Excel (build 2104).

Administrators can also use the existing Microsoft 365 applications policy control to configure this setting. Get the latest group policy template files .

The Group Policy setting “ Macro Notification Settings”, can be found in the following path:

  • User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center.

Administrators also have the option to completely block all XLM macro usage (including in new user-created files) by enabling the Group Policy, “Prevent Excel from running XLM macros”, which is configurable via Group Policy Editor or registry key.

  • Group Policy Path:
    • User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center
  • Registry Key Path:
    • Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\excel\security

Note:
While the initial release of this setting does not impact any existing or default macro settings configurations, XLM macros will soon be disabled by default - users can expect this coming change in default behavior to occur in the following M365 updates:

  • 2021 October Current Channel
  • 2021 December Monthly Enterprise Channel
  • 2022 January Semi-Annual Enterprise Channel (Preview)
  • 2022 July Semi-Annual Enterprise Channel

To learn more:

Working with Excel 4.0 macros - Excel
Enable or disable macros in Office files - Office Support


Subscribe to our Excel Blog and join our Excel Community to stay connected with us and other Excel fans around the world.

2 Comments
Occasional Contributor

Great feature!  Thanks for adding it.

.

Do more to publicize it! Especially for "consumers" who are clueless about this issue.  They are the most vulnerable.

.

I hope you decide to make the setting turned off by default for consumers. They are unlikely to be running old spreadsheets that would need access to the old commands.

.

I accidentally found this blog when researching this article:

https://www.pcmag.com/news/excel-4-is-alive-and-well-and-ready-to-attack

.

Please push it out to 2010. I know, it is no longer supported, but it is a "beloved" version and a lot of people are reluctant to let go of it. Giving them this update would be an act of good faith. You can use it after the Windoze 11 announcement fiasco.

.

Occasional Contributor

Question:

In the business setting if the setting is disabled using a Group Policy, will the individual user be able to turn it back on if they need to?

%3CLINGO-SUB%20id%3D%22lingo-sub-2528450%22%20slang%3D%22en-US%22%3ERestrict%20usage%20of%20Excel%204.0%20(XLM)%20macros%20with%20new%20macro%20settings%20control%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2528450%22%20slang%3D%22en-US%22%3E%3CP%3EA%20new%20Excel%20Trust%20Center%20settings%20option%20to%20further%20restrict%20the%20usage%20of%20Excel%204.0%20(XLM)%20macros%20is%20now%20generally%20available.%20Building%20on%20the%20recent%20release%20of%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Fxlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware%2Fm-p%2F2194591%22%20target%3D%22_blank%22%3EAMSI%20integration%20for%20XLM%20macros%3C%2FA%3E%2C%20this%20setting%20enables%20Microsoft%20365%20customers%20to%20further%20protect%20themselves%20against%20the%20latest%20threats.%20Found%20in%20the%20Trust%20Center%20Macro%20Settings%2C%20this%20new%20checkbox%20setting%2C%20%E2%80%9CEnable%20Excel%204.0%20macros%20when%20VBA%20macros%20are%20enabled%E2%80%9D%2C%20allows%20users%20to%20individually%20configure%20the%20behavior%20of%20XLM%20macros%20without%20impacting%20VBA%20macros.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20invite%20all%20users%20to%20configure%20this%20new%20setting%20by%20following%20the%20'Configuration%20Details'%20below.%20For%20most%20users%2C%20we%20recommend%20unchecking%20the%20setting%20to%20disable%20XLM%20macros.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CU%3EConfiguration%20Details%3C%2FU%3E%3C%2FP%3E%0A%3CP%3EThe%20Excel%20Trust%20Center%20settings%20can%20be%20accessed%20through%20the%20following%20steps%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EFile%20%26gt%3B%20Options%20%26gt%3B%20Trust%20Center%20%26gt%3B%20Trust%20Center%20Settings%20%26gt%3B%20Macro%20Settings%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EWhen%20the%20checkbox%20is%20selected%2C%20the%20above%20settings%20configured%20for%20VBA%20macros%20will%20also%20apply%20to%20XLM%20macros.%20To%20disable%20XLM%20macros%20without%20a%20notification%2C%20deselect%20the%20checkbox%20setting%20(recommended)%20%E2%80%93%20this%20configuration%20opts%20for%20a%20more%20secure%20behavior.%20There%20is%20no%20impact%20to%20any%20default%20or%20previous%20macro%20settings%20configurations%20with%20this%20release%3B%20however%2C%20users%20should%20be%20aware%20that%20a%20change%20in%20default%20XLM%20macro%20behavior%20is%20coming%20soon%20(see%20more%20details%20in%20%E2%80%98Availability%E2%80%99%20below).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22trustcentermacro.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F294804i7EAFE43220C81A19%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22trustcentermacro.png%22%20alt%3D%22Customers%20can%20now%20independently%20disable%20XLM%20macros%20in%20the%20Trust%20Center%20Macro%20Settings%20by%20unchecking%20the%20setting%20%26quot%3BEnable%20Excel%204.0%20macros%20when%20VBA%20macros%20are%20enabled.%26quot%3B%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ECustomers%20can%20now%20independently%20disable%20XLM%20macros%20in%20the%20Trust%20Center%20Macro%20Settings%20by%20unchecking%20the%20setting%20%22Enable%20Excel%204.0%20macros%20when%20VBA%20macros%20are%20enabled.%22%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CU%3EAvailability%3C%2FU%3E%3C%2FP%3E%0A%3CP%3EThis%20setting%20is%20currently%20available%20in%20Excel%20(build%202104).%3C%2FP%3E%0A%3CP%3EAdministrators%20can%20also%20use%20the%20existing%20Microsoft%20365%20applications%20policy%20control%20to%20configure%20this%20setting.%20Get%20the%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fdownload%2Fdetails.aspx%3Fid%3D49030%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Elatest%20group%20policy%20template%20files%3C%2FA%3E%20.%3C%2FP%3E%0A%3CP%3EThe%20Group%20Policy%20setting%20%E2%80%9C%20Macro%20Notification%20Settings%E2%80%9D%2C%20can%20be%20found%20in%20the%20following%20path%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EUser%20configuration%20%26gt%3B%20Administrative%20templates%20%26gt%3B%20Microsoft%20Excel%202016%20%26gt%3B%20Excel%20Options%20%26gt%3B%20Security%20%26gt%3B%20Trust%20Center.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EAdministrators%20also%20have%20the%20option%20to%20completely%20block%20all%20XLM%20macro%20usage%20(including%20in%20new%20user-created%20files)%20by%20enabling%20the%20Group%20Policy%2C%20%E2%80%9CPrevent%20Excel%20from%20running%20XLM%20macros%E2%80%9D%2C%20which%20is%20configurable%20via%20Group%20Policy%20Editor%20or%20registry%20key.%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EGroup%20Policy%20Path%3A%3CUL%3E%0A%3CLI%3EUser%20configuration%20%26gt%3B%20Administrative%20templates%20%26gt%3B%20Microsoft%20Excel%202016%20%26gt%3B%20Excel%20Options%20%26gt%3B%20Security%20%26gt%3B%20Trust%20Center%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3ERegistry%20Key%20Path%3A%3CUL%3E%0A%3CLI%3EComputer%5CHKEY_CURRENT_USER%5CSOFTWARE%5CPolicies%5CMicrosoft%5COffice%5C16.0%5Cexcel%5Csecurity%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSTRONG%3ENote%3A%3C%2FSTRONG%3E%20%3CBR%20%2F%3EWhile%20the%20initial%20release%20of%20this%20setting%20does%20not%20impact%20any%20existing%20or%20default%20macro%20settings%20configurations%2C%20XLM%20macros%20will%20soon%20be%20disabled%20by%20default%20-%20users%20can%20expect%20this%20coming%20change%20in%20default%20behavior%20to%20occur%20in%20the%20following%20M365%20updates%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E2021%20October%20Current%20Channel%3C%2FLI%3E%0A%3CLI%3E2021%20December%20Monthly%20Enterprise%20Channel%3C%2FLI%3E%0A%3CLI%3E2022%20January%20Semi-Annual%20Enterprise%20Channel%20(Preview)%3C%2FLI%3E%0A%3CLI%3E2022%20July%20Semi-Annual%20Enterprise%20Channel%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CU%3ETo%20learn%20more%3A%3C%2FU%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Foffice%2Fworking-with-excel-4-0-macros-ba8924d4-e157-4bb2-8d76-2c07ff02e0b8%23%3A~%3Atext%3DTo%2520change%2520macro%2520settings%2520to%2520allow%2520you%2520to%2Cbox%2520for%2520Open%2520is%2520selected.%2520More%2520items...%2520%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EWorking%20with%20Excel%204.0%20macros%20-%20Excel%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Foffice%2Fenable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EEnable%20or%20disable%20macros%20in%20Office%20files%20-%20Office%20Support%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CSPAN%3ESubscribe%20to%20our%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fxlblog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EExcel%20Blog%3C%2FA%3E%3CSPAN%3E%26nbsp%3Band%20join%20our%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExcelCommunity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EExcel%20Community%3C%2FA%3E%3CSPAN%3E%26nbsp%3Bto%20stay%20connected%20with%20us%20and%20other%20Excel%20fans%20around%20the%20world%3C%2FSPAN%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2528450%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22trustcentermacro.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F294805i1773C0F9F8E8C7B7%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22trustcentermacro.png%22%20alt%3D%22trustcentermacro.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3ENew%20setting%20to%20individually%20configure%20XLM%20macro%20behavior%20now%20available%20via%20the%20Trust%20Center%20Macro%20Settings.%20Users%20can%20now%20disable%20XLM%20macros%20without%20impacting%20VBA%20macros.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2528450%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExcel%204.0%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EVBA%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EXLM%20Macros%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2616145%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20usage%20of%20Excel%204.0%20(XLM)%20macros%20with%20new%20macro%20settings%20control%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2616145%22%20slang%3D%22en-US%22%3E%3CP%3EQuestion%3A%3C%2FP%3E%3CP%3EIn%20the%20business%20setting%20if%20the%20setting%20is%20disabled%20using%20a%20Group%20Policy%2C%20will%20the%20individual%20user%20be%20able%20to%20turn%20it%20back%20on%20if%20they%20need%20to%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Jul 22 2021 12:28 PM
Updated by:
www.000webhost.com