M365 Changelog: Excel Trust Center: new option to block Excel 4.0 (XLM) macros
MC244888 – We are introducing a new Excel Trust Center setting to further restrict the usage of Excel 4.0 (XLM) macros. As part of this rollout, a registry key is being retired, and a group setting is being renamed.
The new macro setting has currently rolled out to Insiders Slow users
Update to admin controls and registry key retirement will occur in May 2021 for Insiders Slow tenants
The new trust center setting will be available and the updated group policy controls can be used to configure the behavior in June 2021 for Monthly Enterprise Channel
Roll-out: user level and tenant level
Control type: user control and admin control
Action: review and assess by retirement April 30, 2021
How this will affect your organization
XLM macros is a legacy macro language that was made available to Microsoft Excel in 1992, prior to the introduction of Visual Basic for Applications (VBA) in 1993.
This update enables users to choose only a more secure state by providing more granular controls for macros in Excel, if you have not disabled end-user ability to manipulate macro settings in Excel.
Updated Group Policy “Macro Notification Settings”
This new setting, Enable XLM macros when VBA macros are enabled, can be activated via a checkbox within Macro Settings in the Trust Center. It is enabled by default; this update has no impact to existing macro settings configurations.
What you need to do to prepare
If you have disabled end-user ability to configure any macro settings in Excel, users will also be unable to configure this new setting.
If you would like to disable only XLM macro settings tenant-wide, without impacting VBA macro settings:
Uncheck the setting, Enable XLM macros when VBA macros are enabled
Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center
If you would also like to completely block all XLM macros usage (including in new user created files)
Enable Group Policy “Prevent Excel from running XLM macros” which is configurable via Group Policy Editor or registry key
Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center