Excel 4.0 Macros Now Restricted by Default

July last year saw the release of a new Excel Trust Center (sic) setting option to restrict the usage of Excel 4.0 (XLM) macros. From mid-January 2022, this has been made the default setting when opening Excel 4.0 (XLM) macros. This is to assist users in protecting themselves against related security threats.

This setting may be managed by visiting the Excel Trust Center in File -> Options, viz.

File -> Options -> Trust Center -> Trust Center Settings -> Macro Settings

This setting now defaults to Excel 4.0 (XLM) macros being disabled in Excel (Build 16.0.14427.10000). It should also be noted that administrators may also use the existing Microsoft 365 applications policy control to configure this setting.

The Group Policy setting ‘Macro Notification Settings’ for Excel may be found in the following path and registry key:

• Group Policy Path: User configuration -> Administrative templates -> Microsoft Excel 2016 -> Excel Options -> Security -> Trust Center
• Registry Key Path: Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\excel\security.

Administrators also have the option to completely block all XLM macro usage (including in new user-created files) by enabling the Group Policy, ‘Prevent Excel from running XLM macros’, which is configurable via Group Policy Editor or registry key.

XLM is disabled by default in the September fork, version 16.0.14527.20000+

• Current Channel builds 2110 or greater (first released in October 2021)
• Monthly Enterprise Channel builds 2110 or greater (first released in December 2021)
• Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (created in January 2022, but not shipping until March 2022)
• Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022).