Despite the fact DNS and reverse DNS can resolve the IP address to the hostname and vice versa, it was only when I mapped the drive with the hostname that Excel recognized the file source as a trusted location. The user had a mapped drive via the IP address. Two things: 1. It seems it will only accept the UNC path if using a hostname and not an IP address. 2. So adding the path as a Trusted Location works now. Thanks for your time and any help is greatly appreciated. What is the recommended solution so users can use macros from files on a shared folder from our domain network? What is Office's definition of files/macros "from the internet"? 2. So two things I need to understand really. 1. However, as a troubleshooting step I've tried adding the mapped drive letter as a trusted location but that doesn't even work anyway? Microsoft suggests you only add to the "trusted locations" as a last resort and keep the location as specific as possible (i.e. So we need to find a way to allow at the very least certain computers/users to allow macros when accessing from a file share. Throughout the business we rely on macro-embedded workbooks and there is no getting around this in the short term. So it's not from "the internet" per se. The Excel workbooks are saved on a file share (hosted by a Windows Server virtual machine) which is on the same domain as the computers/users who are opening the Excel workbook. I'm struggling to grasp what criteria Office is looking for to determine that the macro/workbook is from the internet.
HOW TO ENABLE MACRO IN EXCEL 365 UPDATE
I imagine it is something to do with the latest Office update (version 2205). Users access this via a mapped drive (deployed via GPO). Users are opening the Excel workbooks from a shared folder on our domain.
This way, they argued that the companies which rely on it could re-enable it for their employees while everyone else remained protected, in case they received an Excel file boobytrapped with a malicious XLM macro.
But while Microsoft is not disabling the feature for all users, it is taking steps to disable it, by default, for its paying customers, part of the Microsoft 365 service. However, over the summer months, several security researchers have publicly criticized Microsoft for leaving users exposed to attacks and asked more from the OS maker, namely, to disable the feature by default inside Office applications. Microsoft, too, has been aware of this issue, and added XLM macro support to the Antimalware Scan Interface (AMSI) for Office 365 in March 2021 as a way “to help antivirus solutions tackle the increase in attacks that use malicious XLM macros.” Reports from VMware, ReversingLabs, Lastline, MadLabs, Expel, DeepInstinct, and many others referenced a spike in malware strains and threat actors abusing XLM macros, used in anything from cyber-espionage to banking trojans, and from ransomware to cryptocurrency theft.
Excel 4.0 macros have been widely abused over the past two years
As with most Office tools that allow basic scripting-like actions, the feature has been abused over the course of the past decades by both financially motivated groups and state-sponsored threat actors alike.
But the abuse has never been as rampant as it has been since early 2020 when several security researchers noted the sudden and unexplainable increased attention XLM macros had been getting from numerous top-tier threat actors.
While XLM macros were replaced with the release of Excel 5.0, which introduced VBA-based macros, support for this feature has remained inside the Office Excel software to this day. Introduced in 1992 with the release of the Excel 4.0 software, from where the feature also gets its name, XLM macros allow users to enter complex formulas inside Excel cells that can execute commands, either inside Excel or the local filesystem. Microsoft plans to disable a legacy feature known as Excel 4.0 macros, also known as XLM macros, for all Microsoft 365 users by the end of the year, according to an email the company has sent customers this week, also seen by The Record.
Microsoft to disable Excel 4.0 macros, one of the most abused Office features