Disable Office application macros

Disable Office application macros and block macro-enabled Office files to prevent cyberattacks

Written by:

Kieran Human, Special Projects Engineer


NOTE: Some Group Policy settings might require the necessary ADMX to appear in Group Policy Management Editor. You can download them here.

Cybercriminals have long exploited macro-enabled Office files to carry out attacks. While macros have a use case for some businesses, almost all security frameworks suggest disabling or at least mitigating the use of macro-enabled Office files. This can be done through Microsoft 365, Group Policy, and ThreatLocker Configuration Manager.

Below are the steps to deploy this configuration across your organization depending on your preference of enforcement:

Cloud policies (from config.office.com)

Steps for configuring macro settings via cloud policy:

  1. Navigate to config.office.com and log in.
  2. On the left-hand navigation pane, select Customization > Policy management.
  3. Create a new policy, choose a name for it, and apply it to the desired group or all users in the scope section.
  4. From the policies section, search “macros.” We want to enable Block macros from running in Office files from the internet, and VBA Macro Notification Settings.
    a. NOTE: Enable these settings per Office app (Word, Excel, Access etc.).
    b. These are the recommended VBA Macro Notification Settings:
  5. Apply the setting and allow it to propagate to your users—typically 30 minutes or less.
    a. NOTE: Settings enforced through config.office.com will override any settings that are applied through Trust Center settings.

Group Policy (Windows Server Active Directory)

Steps for configuring macro settings via Group Policy:

  1. Navigate to Group Policy Management, then Group Policy Management Editor.
  2. On the left-hand navigation pane, select User Configuration > Administrative Templates > Microsoft Access 2016 > Trust Center.
  3. We want to enable Block macros from running in Office files from the internet, and VBA Macro Notification Settings.
    a. NOTE: Enable these settings per Office app (Word, Excel, Access etc.).
    b. Like cloud-based policies, the recommended settings for VBA Macro Notifications are below:
  4. Apply the setting and allow it to propagate to your users.
    a. NOTE: Settings enforced through Group Policy will override any settings applied through Trust Center settings.
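To confirm that the Group Policy settings above reached a user's session, the following PowerShell audit (an added example, not part of the original post and not a ThreatLocker tool) reads the per-app policy values from the current user's registry hive. It assumes Office 2016 or later (version key 16.0) and the value names written by the Office ADMX templates, blockcontentexecutionfrominternet and vbawarnings; the app list is a sample and can be extended.

```powershell
# Added example: audit the current user's Office macro policy values.
# Assumptions: Office 2016+ (version key 16.0) and the ADMX value names
# blockcontentexecutionfrominternet / vbawarnings under <App>\Security.
$apps = 'Word', 'Excel', 'PowerPoint', 'Access'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Meaning of the vbawarnings DWORD (VBA Macro Notification Settings)
$vbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all with notification'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all without notification'
}

$report = foreach ($app in $apps) {
    $key   = Join-Path $base "$app\Security"
    # A missing key means no policy was delivered for this app.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $block = $props.blockcontentexecutionfrominternet
    $vba   = $props.vbawarnings

    $vbaText = 'Not configured'
    if ($null -ne $vba) {
        $vbaText = $vbaMeaning[[int]$vba]
        if (-not $vbaText) { $vbaText = "Unknown value ($vba)" }
    }

    [pscustomobject]@{
        App                 = $app
        BlockInternetMacros = if ($null -eq $block) { 'Not configured' }
                              elseif ($block -eq 1) { 'Enabled' }
                              else { 'Disabled' }
        VbaNotification     = $vbaText
        # Flag apps where either policy is absent, the internet block is
        # off, or all macros are allowed to run.
        NeedsReview         = ($block -ne 1) -or ($null -eq $vba) -or ($vba -eq 1)
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets a compliance job detect drift.
if ($report | Where-Object NeedsReview) { exit 1 }
```

Run it in the context of the user being checked, since these are User Configuration policies stored under HKCU.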

ThreatLocker (Config Manager)

Steps for configuring macro settings in ThreatLocker (Config Manager):

  1. Sign in to the ThreatLocker portal and navigate to the Config Manager module.
  2. Password protection settings:
    a. Under the New Policy section, click the drop-down menu.
    b. On the drop-down page, look for Configure downloaded office macros.
    c. Once created, click Deploy Policies to apply the configuration to your endpoints.

Follow the steps above to reduce your attack surface from Office macros and align with common security framework guidelines.
