1 min

Microsoft’s decision to unblock VBA macros in Office 365 has not been to everyone’s liking. Security experts consider the move to be a big mistake.

Microsoft recently decided to enable Visual Basic Application (VBA) macros in Office 365 by default. VBA macros allow end users of Office 365 to add functionality to their documents, such as automated functions for spreadsheets. However, the macros represent a large attack surface for hackers. Earlier this year, the tech giant chose to block macros instead.


Cybercriminals have been able to trick targets into activating macros after they open a document for years. The document also connects to the company network. The default activation of macros allows the malware to quickly spread. By blocking VBA macros earlier this year, Microsoft wanted to cut off the attack surface.

Meanwhile, the tech giant changed its mind. VBA macros in Office 365 will be automatically enabled once more due to feedback from users who weren’t happy with the initial decision. Microsoft’s latest decision is disliked by security experts. Some experts note it’s “an extremely bad idea”. Macros remain a significant attack surface for criminals targeting companies.

The tech giant will soon publish a detailed explanation of its decision and impact on the security of Office 365 documents.

Tip: Microsoft reverses decision to block Office macros by default