Microsoft will protect Excel users from malware by disabling this ancient feature

Office desktop apps
Office desktop apps (Image credit: Windows Central)

What you need to know

  • Microsoft will soon disable Excel 4.0 XLM macros by default.
  • The move is to improve security, as these types of macros can be used by threat actors to get malware onto PCs.
  • People can use VBA macros instead, which support Antimalware Scan Interface.

Microsoft will soon disable Excel 4.0 XLM macros by default to protect people's PCs. These types of macros can be used by threat actors to get malware onto people's PCs. Attackers can place XLM macros into malicious documents that download malware onto the computers of unsuspecting victims. The switch will disable these types of macros by default in Microsoft 365 tenants.

Instead of Excel 4.0 XLM macros, Microsoft recommends that people use VBA macros. The company has pushed people towards these more secure macros for years but will now take that push further by disabling Excel 4.0 XLM macros by default. VBA macros support Antimalware Scan Interface (AMSI), which can scan documents for malware and other dangerous content.

Windows admins can disable XLM macros through the Excel Trust Center, though soon Microsoft will disable Excel 4.0 macros by default. Preview builds will have XLM macros disabled by default in October, and the change will roll out to the Current Channel in November (via Bleeping Computer).

The details of the switch were shared on Twitter by Omri Segev Moyal:

  • Insiders-Slow: will rollout in late October and be complete in early November.
  • Current Channel: will rollout in early November and be complete in mid-November.
  • Monthly Enterprise Channel (MEC): will begin and complete rollout in mid-December.

If admins or individuals have already manually configured settings related to XLM macros, Microsoft won't change those settings.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at