“The default is more secure and is expected to keep more users safe, including home users and information workers in managed organizations,” says Kellie Eickmeyer, a principal PM at Microsoft, in a blog post.
People would have malicious macros inside Office files, so when you ran them, they could install malware. When this change goes live, Microsoft will make it so clicking on these macros won’t run them by default in Access, Excel, PowerPoint, Visio, and Word.
The specific wording of the change is “VBA macros obtained from the internet will now be blocked by default.” Basically, that means that when you download an Office file and open it, any VBA macros within it will be blocked automatically and you’ll have to manually override for each file.
Unfortunately, that also means that legitimate macros will also not work. If a coworker sends you an Excel file with VBA macros in it, you’ll need to manually enable them through the file’s properties menu. It’s an extra step, but considering how prevalent these malicious macros are, it might be worth it.
As far as when this change will go live, Microsoft said that it plans to add it to Version 2203, starting with Current Channel (Preview) in early April 2022. It’ll roll out to other Office update channels later, though the company didn’t get more specific.