Microsoft Backtracks (Temporarily?) on Policy to Block All Macros with Mark of the Web

Big shout-out to Vince Hardwick, who alerted me on Twitter that Microsoft has very quietly begun rolling back its default blocking of VBA macros that just went into effect with Office version 2203 and started rolling out on April 12, 2022.

The rest of the Twitter thread links back to this Microsoft Tech Community article, Helping users stay safe: Blocking internet macros by default in Office, where Vince asked in the comments about an apparent rollback of this new feature:

Amazingly, Microsoft official Angela Robertson responded in the affirmative:

@vincehardwick Based on feedback received, a rollback has started. An update about the rollback is in progress. I apologize for any inconvenience of the rollback starting before the update about the change was made available. @PhoebeYuan FYI

A Temporary Rollback?

As Twitter user @exceloffthegrid notes, there's a very good chance this is simply a delay as Microsoft works through the biggest issues raised via "feedback received" as a result of this change.  

I personally believe the policy itself is sound.  VBA-enabled Office files are a significant threat.

That said, Microsoft clearly didn't expect Office users to respond to their policy change with a collective rage that made women scorned lean back in their chairs and say, "Now that's fury!"

UPDATE [2022-07-11]: Microsoft has officially confirmed they are rolling back the change and that it is only temporary.  Here's their update message:

Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users.

Regardless of the default setting, customers can block internet macros through the Group Policy settings described in this article.

We will provide additional details on timeline in the upcoming weeks.

Referenced articles

External references