Skip to main content
Microsoft Security
Office 365 client applications now integrate with AMSI, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior.

This is part of our continued efforts to tackle entire classes of threats. Learn more:

Office VBA + AMSI: Parting the veil on malicious macros

In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet.

This feature was documented back in March: New feature in Office 2016 can block macros and help prevent infection, and the predominant customer request we received was for this feature to be added to Office 2013.

We are pleased to announce that, as of September 2016, this feature is now part of Office 2013 – and it works in the same way as it does in Office 2016.

Administrators can enable this feature for Word, Excel, and PowerPoint by configuring it under the respective application’s Group Policy Administrative Templates for Office 2013.

For more information on how this feature works, and some background information on how macros can be abused for malware, see our blog from March 2016.

More info for end-users: Learn how to enable or disable macros in Office files

More info for admins and IT professionals: Learn about security and compliance in Office 365

Related blog entry: Machine learning vs. social engineering

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community and Windows Defender Security Intelligence.

Follow us on Twitter @WDSecurity.