We're changing the behavior of Office applications to enforce policies that block active content (macros, ActiveX, DDE, etc.) on Trusted Documents. Previously, active content was allowed to run in Trusted Documents even when an IT administrator had set a policy to block it. As part of ongoing Office security hardening, the IT administrator’s choice to block active content will now always take precedence over Trusted Documents set by end users. This change is released to Insiders in build 2110 and is planned to roll out to Current Channel in early February 2022. It is not planned to be backported to down-level versions.
As you can see from the chart, the change in the evaluation flow allows admin-configured policies to always take precedence over user settings, which can help reduce the impact of attacks that use active content. This is important in the current threat landscape as active content attacks become more common.
End user experience
Users are expected to see an impact when they open a previously trusted document that has active content enabled. If there’s a policy set by their IT administrator or a Trust Center setting blocking the active content, the content will remain blocked. When this happens, we will display a business bar: