Microsoft Office Macro Hardening | ASD's Blueprint for Secure Cloud (2024)

Microsoft Office Macro Hardening

This section describes the design decisions associated with Microsoft Office macros on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Microsoft Office files can include Visual Basic for Applications (VBA) programming code (macro) embedded into the document.

A macro can comprise several repeatable actions that can be coded or recorded and rerun later to automate repetitive tasks. Macros are powerful tools that can be easily created by novice users to greatly improve their productivity. However, an adversary can also create macros to perform a variety of malicious activities, such as assisting in the compromise of workstations to exfiltrate or deny access to sensitive information.

ASD provides guidelines for securing systems against malicious macros and recommends that they are implemented in all Windows environments. ASD recommends that one of the following approaches is implemented:

  • All macros are disabled.
  • Only macros from trusted locations or sandboxed environments are enabled.
  • Only macros digitally signed by trusted publishers are enabled.

Where trusted locations are used, ASD recommends that only privileged users who are responsible for validating that the macros are free from malicious code can write to and modify content within the trusted location.

Microsoft Office products can log macro execution attempts (both successes and failures) by enabling the Trust Center logging feature. This provides valuable information for incident response and digital forensics activities. The Trust Center logs are not written to the Windows Event Log; instead, each Microsoft Office product writes its own file to the C:\Users\USERNAME\AppData\Local\Microsoft\Office\TCDiag directory.

Design Decisions

Decision Point | Design Decision | Justification
Implementation approach | Only macros digitally signed by a trusted publisher are enabled | To align with ASD’s Restricting Microsoft Office Macros guidance and enable organisations to leverage macros securely with the least business impact.
Macro execution logging | Enabled via Trust Center logging | To align with ASD’s Essential Eight and provide detailed logs in the event of an incident.
Configuration method | Organisation preference | Macro hardening (including ASR rules) can be configured via either Group Policies or Intune.
Specific configuration | See below | To align with ASD’s Restricting Microsoft Office Macros guidance.

  • Microsoft Office Security Settings
    • Automation Security: Enabled (Use application macro security level)
    • Disable all Trust Bar notifications for security issues: Enabled
    • Disable VBA for Office applications: Disabled
    • Macro Runtime Scan Scope: Enable for all documents
    • Allow mix of policy and user locations: Disabled
  • Microsoft Access
    • Turn off trusted documents: Enabled
    • Turn off Trusted Documents on the network: Enabled
    • VBA Macro Notification Settings: Enabled (Disable all except digitally signed macros)
    • Allow Trusted Locations on the network: Disabled
    • Disable all trusted locations: Enabled
    • Disable commands: Enabled (19092)
  • Microsoft Excel
    • Disable commands: Enabled (19092)
    • Scan encrypted macros in Excel Open XML workbooks: Scan encrypted macros (default)
    • Block macros from running in Office files from the Internet: Enabled
    • Trust access to Visual Basic Project: Disabled
    • Turn off trusted documents: Enabled
    • Turn off Trusted Documents on the network: Enabled
    • VBA Macro Notification Settings: Enabled (Disable all except digitally signed macros)
    • Allow Trusted Locations on the network: Disabled
    • Disable all trusted locations: Enabled
  • Microsoft Outlook
    • Disable commands: Enabled (19092)
    • Apply macro security settings to macros, add-ins and additional actions: Enabled
    • Security settings for macros: Enabled (Security Level: Warn for signed, disable unsigned)
  • Microsoft PowerPoint
    • Disable commands: Enabled (19092)
    • Scan encrypted macros in PowerPoint Open XML presentations: Scan encrypted macros (default)
    • Block macros from running in Office files from the Internet: Enabled
    • Trust access to Visual Basic Project: Disabled
    • Turn off trusted documents: Enabled
    • Turn off Trusted Documents on the network: Enabled
    • VBA Macro Notification Settings: Enabled (Disable all except digitally signed macros)
    • Allow Trusted Locations on the network: Disabled
    • Disable all trusted locations: Enabled
  • Microsoft Project
    • Allow Trusted Locations on the network: Disabled
    • Disable all trusted locations: Enabled
    • VBA Macro Notification Settings: Enabled (Disable all except digitally signed macros)
  • Microsoft Publisher
    • Disable commands: Enabled (19092)
    • Publisher Automation Security Level: Enabled (By UI (prompted))
    • VBA Macro Notification Settings: Enabled (Disable all except digitally signed macros)
  • Microsoft Visio
    • Disable commands: Enabled (19092)
    • Enable Microsoft Visual Basic for Applications project creation: Disabled
    • Load Microsoft Visual Basic for Applications projects from text: Disabled
    • Allow Trusted Locations on the network: Disabled
    • Block macros from running in Office files from the Internet: Enabled
    • Disable all trusted locations: Enabled
    • Turn off trusted documents: Enabled
    • Turn off Trusted Documents on the network: Enabled
    • VBA Macro Notification Settings: Enabled (Disable all except digitally signed macros)
  • Microsoft Word
    • Disable commands: Enabled (19092)
    • Scan encrypted macros in Word Open XML documents: Scan encrypted macros (default)
    • Block macros from running in Office files from the Internet: Enabled
    • Trust access to Visual Basic Project: Disabled
    • Turn off trusted documents: Enabled
    • Turn off Trusted Documents on the network: Enabled
    • VBA Macro Notification Settings: Enabled (Disable all except digitally signed macros)
    • Allow Trusted Locations on the network: Disabled
    • Disable all trusted locations: Enabled
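
Whether these settings have actually reached an endpoint can be checked by reading the policy values back from the registry. The script below is an added example, not part of the Blueprint: it assumes Office 2016 or later (the 16.0 policy key) and user-scoped policy under HKCU, it covers only the macro notification, internet blocking, Visual Basic Project access and trusted location settings from the list above, and the function name Test-MacroPolicy is hypothetical.

```powershell
# Added example: read back macro-hardening policy values on one endpoint.
# Assumptions: Office 2016+ / Microsoft 365 Apps (policy key 16.0) and
# user-scoped policy (HKCU). Run as the logged-on user being checked.
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Expected values, taken from the configuration list above.
$Baseline = @(
    # VBA Macro Notification Settings: 3 = disable all except digitally signed macros
    @{ Name = 'VBAWarnings'; Value = 3; SubKey = 'Security'
       Apps = 'access','excel','powerpoint','ms project','publisher','visio','word' }
    # Block macros from running in Office files from the Internet: Enabled
    @{ Name = 'blockcontentexecutionfrominternet'; Value = 1; SubKey = 'Security'
       Apps = 'excel','powerpoint','visio','word' }
    # Trust access to Visual Basic Project: Disabled
    @{ Name = 'AccessVBOM'; Value = 0; SubKey = 'Security'
       Apps = 'excel','powerpoint','word' }
    # Disable all trusted locations: Enabled
    @{ Name = 'AllLocationsDisabled'; Value = 1; SubKey = 'Security\Trusted Locations'
       Apps = 'access','excel','powerpoint','ms project','visio','word' }
    # Allow Trusted Locations on the network: Disabled
    @{ Name = 'AllowNetworkLocations'; Value = 0; SubKey = 'Security\Trusted Locations'
       Apps = 'access','excel','powerpoint','ms project','visio','word' }
)

function Test-MacroPolicy {
    param([string]$Root = $PolicyRoot)
    foreach ($rule in $Baseline) {
        foreach ($app in $rule.Apps) {
            $key = Join-Path $Root (Join-Path $app $rule.SubKey)
            # A missing key or value means the policy was never applied.
            $props  = Get-ItemProperty -Path $key -Name $rule.Name -ErrorAction SilentlyContinue
            $actual = if ($props) { $props.($rule.Name) } else { $null }
            [pscustomobject]@{
                App       = $app
                Setting   = $rule.Name
                Expected  = $rule.Value
                Actual    = $actual
                Compliant = ($null -ne $actual -and $actual -eq $rule.Value)
            }
        }
    }
}

# Show only the settings that are missing or differ from the baseline.
Test-MacroPolicy | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

An empty result means every checked value matches the baseline. Outlook, the Trusted Documents settings and the ASR rules are not covered by this check.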


FAQs

Is Microsoft discontinuing VBA?

No. Such rumors have been doing the rounds for more than 20 years, but they're not true. There are millions of users relying on VBA, including large businesses and organizations.

How to fix security risk Microsoft has blocked macros?

Remove Mark of the Web from a file

To unblock macros in a file, like one from the internet or an email attachment, remove the Mark of the Web on your local device. To remove, right-click on the file, choose Properties, and then select the Unblock checkbox on the General tab.

Are Excel macros a security risk?

Malicious macros can do almost anything that other malware can do to your system, including emulating ransomware, stealing data, and emailing itself out to your contacts.

What is the warning about macros in Office?

If you see a security warning when you open a document or try to run a macro, you can choose to make it a trusted document and enable macros. This example is on an Excel workbook. Select Enable Content. In the Security Warning dialog, select Yes to make the document trusted.

What is Microsoft replacing VBA with?

Scripting allows you to automate repetitive tasks and perform custom operations on your Excel data. It provides a set of JavaScript-based APIs that you can use to manipulate the Excel workbook, worksheets, ranges, and more.

Will VBA become obsolete?

No, it is extremely unlikely that Microsoft will ditch VBA. There are far too many solutions all over the world that rely on it.

How do you bypass Microsoft has blocked macros from running because the source of this file is untrusted?

How to resolve "Microsoft has blocked macros"
  1. Close the workbook containing the blocked macro.
  2. In File Explorer, browse to the location where the workbook is saved.
  3. Right-click the file, and select Properties from the context menu.
  4. In the Properties dialog box, check the Unblock box, and then click OK.

How do macros pose a cybersecurity risk?

While macros may boost productivity, they can also pose a cybersecurity risk, as criminals can manipulate them by adding harmful code. This manipulation converts macros into carriers or pathways for the spread of malicious software, posing a significant threat to the security and integrity of computer systems.

How do I turn off macro security warning in VBA?

By default, Excel disables all VBA macros with notification. This means that when you open a workbook that contains VBA macros, you'll see a yellow security warning bar at the top of the sheet. You can choose to enable or disable VBA macros for that workbook by clicking on the warning bar.

Which macro setting is least secure?

Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. Using this setting makes your computer vulnerable to potentially malicious code and is not recommended.

What are the disadvantages of macros in Excel?

While macros can be recorded in many applications, the macro recorder doesn't actually know what you're trying to do, so it just takes a snapshot of the whole feature. That makes for a very messy chunk of code that does a lot of unnecessary things, some of which you may not want. So you have to learn VBA coding.

How do I stop Microsoft from blocking macros?

Excel 2010, 2013, 2016, 2019, and Microsoft 365:
  1. Open the File: Open the Excel file containing the blocked macros.
  2. Go to the File Tab: Click on the "File" tab in the ribbon.
  3. Open Options: ...
  4. Navigate to Trust Center: ...
  5. Open Trust Center Settings: ...
  6. Navigate to Macro Settings: ...
  7. Enable Macros: ...
  8. Click OK:

Why avoid macros?

Macros reduce code readability

In real projects where multiple people work together this will make teamwork extremely hard. Once again, this is competitive programming and if you understand your own code that is all that matters.

Is enabling macros on a Microsoft Office document safe?

Be wary of Microsoft Office documents containing macros. Macros are small bits of programming used to automate tasks that can also be used for spreading viruses and malware. Anti-virus programs cannot always catch all malicious macros.

What is the purpose of a macro in Microsoft Office?

In Word, you can automate frequently used tasks by creating and running macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. To save time on tasks you do often, bundle the steps into a macro. First, you record the macro.

Is VBA still relevant in 2024?

Yes, people still use Excel VBA to run their business operations even in 2024. VBA is a powerful tool that allows its users to work efficiently by helping them create custom functions using scripts or codes in Excel.

Has Microsoft stopped supporting VBA?

Support for VBA has definitely not gone away. An update to your PC may have failed in a way that makes some of the supporting code not work.

Is Microsoft discontinuing Visual Basic?

A post by Microsoft in Feb 23 (7 months ago), stated that Microsoft "remains committed to Visual Basic and continue to invest in maintaining C# interop and Visual Studio features for folks that love Visual Basic." It has been interpreted by the community that VB.Net will not be further evolved but at the time of ...

Is Microsoft moving away from macros?

Microsoft said it is still planning to block Visual Basic Applications (VBA) macros by default in Office apps after quietly rolling back the planned change last month.

Article information

Author: Tish Haag
