Helping users stay safe: Blocking internet macros by default in Office

Looks like the update was pushed to Message Center on the admin portal today: https://admin.microsoft.com/AdminPortal/Home?ref=MessageCenter/:/messages/MC322553.

From a security perspective, this change in default behaviour is long overdue and I can't think of another way they could have shut off this attack vector for macro-based malware, even if the communication of it has been botched.

Creators of legitimate VBA projects just need to either self-sign their code (https://support.microsoft.com/en-us/office/digitally-sign-your-macro-project-956e9cc8-bbf6-4365-8bfa-98505ecd1c01) or obtain a code signing certificate from one of the MS Trusted Root Participant CAs (https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT), and support their users in adopting best practice re: trusted locations and trusted publishers (https://www.youtube.com/watch?v=qyzJc3tAJSE&t=29s&ab_channel=BeaconPartnership).

It's all stuff that VBA developers and users should have been doing before now anyway, and the workaround steps that are now necessary aren't all that technical. There will be some resistance to the change, but that doesn't make it a bad one... it will achieve what has been needed for some time: make it more difficult for companies to be brought to their knees by ransomware.