{"id":75832,"date":"2016-10-26T12:56:24","date_gmt":"2016-10-26T19:56:24","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=75832"},"modified":"2023-05-15T23:07:28","modified_gmt":"2023-05-16T06:07:28","slug":"office-2013-can-now-block-macros-to-help-prevent-infection","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/","title":{"rendered":"Office 2013 can now block macros to help prevent infection"},"content":{"rendered":"<table style=\"width: 40%; float: right; margin-left: 20px;\">\n<tbody>\n<tr>\n<td style=\"padding: 20px; background-color: #f5f5f5;\"><em>Office 365 client applications now integrate with <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/amsi\/antimalware-scan-interface-portal\">AMSI<\/a>, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior.<\/em><\/p>\n<p><em>This is part of our continued efforts to tackle entire classes of threats. Learn more:<\/em><\/p>\n<p><em><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/09\/12\/office-vba-amsi-parting-the-veil-on-malicious-macros\/\"><strong>Office VBA + AMSI: Parting the veil on malicious macros<\/strong><\/a><\/em><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet.<\/p>\n<p>This feature was documented back in March: <a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2016\/03\/22\/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection\/\">New feature in Office 2016 can block macros and help prevent infection<\/a>, and the predominant customer request we received was for this feature to be added to Office 2013.<\/p>\n<p>We are pleased to announce that, as of September 2016, this feature is now part of Office 2013 \u2013 and it works in the same way as it does in Office 2016.<\/p>\n<p>Administrators can enable this feature for Word, Excel, and PowerPoint by configuring it under the respective application\u2019s <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=35554\">Group Policy Administrative Templates for Office 2013<\/a>.<\/p>\n<p>For more information on how this feature works, and some background information on how macros can be abused for malware, see our <a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2016\/03\/22\/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection\/\">blog from March 2016<\/a>.<\/p>\n<p>More info for end-users: <a href=\"https:\/\/support.office.com\/en-us\/article\/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6\">Learn how to enable or disable macros in Office files<\/a><\/p>\n<p>More info for admins and IT professionals: <a href=\"https:\/\/support.office.com\/en-us\/article\/overview-of-security-and-compliance-in-office-365-dcb83b2c-ac66-4ced-925d-50eb9698a0b2?ui=en-US&amp;rs=en-US&amp;ad=US\">Learn about security and compliance in Office 365<\/a><\/p>\n<p>Related blog entry:\u00a0<a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/06\/07\/machine-learning-vs-social-engineering\/\"><strong>Machine learning vs. social engineering<\/strong><\/a><\/p>\n<hr \/>\n<h4><strong>Talk to us<\/strong><\/h4>\n<p>Questions, concerns, or insights on this story? Join discussions at the <a href=\"https:\/\/answers.microsoft.com\/en-us\/protect\" target=\"_blank\" rel=\"noopener\">Microsoft community<\/a> and <a href=\"https:\/\/www.microsoft.com\/en-us\/wdsi\" target=\"_blank\" rel=\"noopener\">Windows Defender Security Intelligence<\/a>.<\/p>\n<p>Follow us on Twitter <a href=\"https:\/\/twitter.com\/WDSecurity\" target=\"_blank\" rel=\"noopener\">@WDSecurity.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Office 365 client applications now integrate with AMSI, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. This is part of our continued efforts to tackle entire classes of threats. Learn more: Office VBA + AMSI: Parting the veil on malicious macros In response to [&hellip;]<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","footnotes":""},"content-type":[3663],"topic":[3687],"products":[],"threat-intelligence":[3727],"tags":[],"coauthors":[1968],"class_list":["post-75832","post","type-post","status-publish","format-standard","hentry","content-type-research","topic-threat-intelligence","threat-intelligence-attacker-techniques-tools-and-infrastructure"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Office 2013 can now block macros to help prevent infection | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Office 2013 can now block macros to help prevent infection | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Office 365 client applications now integrate with AMSI, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. This is part of our continued efforts to tackle entire classes of threats. Learn more: Office VBA + AMSI: Parting the veil on malicious macros In response to [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-10-26T19:56:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:07:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-microsoft_logo_element.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Defender Security Research Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Defender Security Research Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/windows-defender-research\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Defender Security Research Team\"}],\"headline\":\"Office 2013 can now block macros to help prevent infection\",\"datePublished\":\"2016-10-26T19:56:24+00:00\",\"dateModified\":\"2023-05-16T06:07:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/\"},\"wordCount\":264,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/\",\"name\":\"Office 2013 can now block macros to help prevent infection | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"datePublished\":\"2016-10-26T19:56:24+00:00\",\"dateModified\":\"2023-05-16T06:07:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Office 2013 can now block macros to help prevent infection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Office 2013 can now block macros to help prevent infection | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/","og_locale":"en_US","og_type":"article","og_title":"Office 2013 can now block macros to help prevent infection | Microsoft Security Blog","og_description":"Office 365 client applications now integrate with AMSI, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. This is part of our continued efforts to tackle entire classes of threats. Learn more: Office VBA + AMSI: Parting the veil on malicious macros In response to [&hellip;]","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/","og_site_name":"Microsoft Security Blog","article_published_time":"2016-10-26T19:56:24+00:00","article_modified_time":"2023-05-16T06:07:28+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-microsoft_logo_element.png","type":"image\/png"}],"author":"Microsoft Defender Security Research Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Defender Security Research Team","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/windows-defender-research\/","@type":"Person","@name":"Microsoft Defender Security Research Team"}],"headline":"Office 2013 can now block macros to help prevent infection","datePublished":"2016-10-26T19:56:24+00:00","dateModified":"2023-05-16T06:07:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/"},"wordCount":264,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/","name":"Office 2013 can now block macros to help prevent infection | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"datePublished":"2016-10-26T19:56:24+00:00","dateModified":"2023-05-16T06:07:28+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2016\/10\/26\/office-2013-can-now-block-macros-to-help-prevent-infection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Office 2013 can now block macros to help prevent infection"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/75832","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=75832"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/75832\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=75832"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=75832"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=75832"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=75832"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=75832"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=75832"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=75832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}