Microsoft is also starting to disable some of the “living off the land” (LOL) attack techniques.
You can even completely disable Visual Basic for Applications in your network with the Group Policy setting “Disable VBA for Office applications.” Making it harder for attackers to live off the land
First, download an appropriate Group Policy administrative template. With Group Policy settings, administrators have been able to block macros by default as far back as Office 2016. You should also evaluate if you want to take actions to block other macro settings using Intune with Azure Active Directory or Group Policy with Active Directory. At a date to be determined, Microsoft plans to make this change to Office LTSC, Office 2021, Office 2019, Office 2016 and Office 2013.
Later, the change will be available in the other update channels, such as Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel. The change will begin rolling out in Version 2203, starting with Current Channel (Preview) in early April 2022.
This change affects only Office on devices running Windows and Access, Excel, PowerPoint, Visio and Word. If you’ve downloaded macro-based templates from websites, mark these files as trusted and remove the “mark of the web” from the files to ensure that they continue to work. Setting this as the default will mean that you’ll be better protected. Specially, Visual Basic Application obtained from the internet will be blocked by default. Launching malicious macros is a common way that attackers can gain access to computer systems and launch lateral attacks. The first major change in an Office 365 default blocks internet macros by default. This includes blocking macros by default, limiting native tools used by attackers, and activating Credential Guard by default. async function main(context: Excel.Microsoft changes default settings for a variety of reasons, but some recent key changes will keep us safer from attacks, specifically ransomware. Note that if your main function looks like the following, your script is using the older asynchronous model. I f you want to use the simplified APIs in the older scripts or convert to the new simplified API, you must start with a new script. However, all newly r ecorded and created scripts will use the simplified Office Scripts API. You can continue to edit and run such scripts. If you have recorded or created Office Scripts using the older model, rest assured that such script s will continue to work. function main(workbook: ExcelScript.Workbook) `) You can identify the simplified API design by inspecting the main function, which contains the top-level workbook object as its first argument, as shown.
This includes the n ewly r ecord ed a ctions and new script s created using the Code Editor. Users will automatically create scripts with the new APIs when th e feature is fully available in public preview. How do I get the simplified API features?
We’re excited to announce the API simplification for Office Scripts in public preview.