Blog Post

Microsoft 365 Blog
5 MIN READ

Helping users stay safe: Blocking internet macros by default in Office

Kellie_msft's avatar
Kellie_msft
Brass Contributor
Feb 07, 2022
Updated July 20, 2022: We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation...
Updated Jul 20, 2022
Version 9.0
microsoft 365
Microsoft 365 Apps for enterprise
security
DHB-MSFT's avatar
DHB-MSFT
Icon for Microsoft rankMicrosoft
Apr 11, 2022

DM51673 If the “Launching applications and unsafe files” setting is set to Prompt (for a zone under Control Panel > Internet Options > Security > Custom level), then the Mark of the Web attribute is set on the file. “Prompt” is the default setting for “Launching applications and unsafe files” for both the “Internet” zone and the “Trusted sites” zone.

 

But we’re only blocking macros (by default) from files that are tagged as being from the “Internet” zone. If the file is tagged as being from the “Trusted sites zone” then macros won’t be blocked by default. For those files, the VBA macro notification settings in the Trust Center will apply.

 

So that’s why one of the options we list in the admin article is to assign the OneDrive and SharePoint (which includes Teams) URLs to the “Trusted sites” zone if you don’t want macros blocked by default in files downloaded from those locations.