Microsoft Flip-Flops on Blocking Office Macros by Default

For now, the company says it's only embarking on a 'temporary' rollback on blocking the macros.

After causing some confusion, Microsoft is clarifying that it will still block macros by default in its Office programs—eventually.

The clarification arrived late on Friday after users noticed that Microsoft quietly backpedaled on its decision to automatically block the macros by default.

In an update(Opens in a new window), Microsoft wrote: “Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users.”

The statement signals that some customers have been complaining about Microsoft original’s plan to block Visual Basic Application-based macros by default, even though the change is meant to protect computers from malware.

Microsoft's earlier attempt at warning users about malicious macros.

Macros operate as programming codes that can automate a series of tasks with a single command. The problem is that hackers have long exploited macros as a way to trick users into downloading malware on their computers. This can be done by embedding macros in a malicious Office document, which can then be sent via email.

Microsoft has been aware of the threat. Years ago, the company introduced "Protected View," which adds a warning bar about the dangers of opening Office documents containing macros. But the warning bar can be easily be bypassed with one click. To block the macros by default, Microsoft left it up to(Opens in a new window) IT administrators to turn the setting on.

In February, Redmond decided it would start blocking the macros automatically for Office files downloaded from the web. “For the protection of our customers, we need to make it more difficult to enable macros in files obtained from the internet,” the company said at the time.

Example of the warning bar Microsoft used with the default macro blocking. (Microsoft)

The change began rolling out in version 2203 of Microsoft 365 in April. But since Microsoft’s announcement, some users have complained the default blocking comes at the cost of conveniently running legitimate macros in Office files.

“Listen, taking features AWAY from people isn't IMPROVING a product,” one user wrote in February in the comments to Microsoft’s original announcement(Opens in a new window). “Just because you can't address this properly, it doesn't mean you should turn these features off on everybody.”

Some complaints have also focused on how Microsoft implemented the default blocking, which involved posting a stricter warning bar over untrusted Office files that contain the macros. The same warning bar contains a “Learn more” button on how a user can re-enable the macro. This involves removing(Opens in a new window) Microsoft’s so-called “Mark of the Web” from the document, forcing users and IT administrators to learn how to do.

“We're already receiving negative sentiment towards the change, as every file downloaded though the Teams desktop app from our own tenant is being tattooed with the MOTW,” one user wrote in April.

Last week, users then noticed Microsoft had rolled back the default blocking, including the warning bar messages over untrusted Office files. In a bit of irony, the decision sparked more criticism from Microsoft since it was done quietly, without a public announcement.

“You've got us jumping from one foot to the next and having to second guess what the next volte-face is going to be,” someone wrote in the comment section of Microsoft’s original post. Others pointed out that hackers are likely celebrating Redmond's decision to delay blocking the macros by default.

Microsoft didn't say when it will start blocking the macros by default. But the company plans on providing a timeline in the coming weeks. "Regardless of the default setting, customers can block internet macros through the Group Policy settings described in this article(Opens in a new window)," Microsoft added.

Source