Microsoft rolled back the block on macros with surprisingly little explanation given that the new default behavior in Office apps was aimed at cutting off a primary means for delivering malware in email attachments. Since April, key Office apps on Windows have, by default, made it much harder to run VBA macros that have been delivered from the internet. Previously, users could fairly easily click a button to enable macros, which attackers frequently exploited to trick them into downloading malware. Microsoft said the changed default behavior for macros originally was “to make it more difficult to trick users into running malicious code via social engineering while maintaining a path for legitimate macros to be enabled where appropriate via Trusted Publishers and/or Trusted Locations.” The company told admins last week that it was rolling back the new default on internet macros because of “feedback” and appeared to suggest that it was temporary - but wasn’t clear about the question and didn’t say when it would return the restriction. Now it’s given a slightly more detailed explanation that it wants to “enhance usability”, though it doesn’t say what part of the default behavior that users were having trouble with. It also notes that admins can adjust Group Policy to block internet-delivered macros. “Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users,” Microsoft says on its original post announcing the internet macro block. “Regardless of the default setting, customers can block internet macros through the Group Policy settings described in this article. We will provide additional details on timeline in the upcoming weeks.” The default block VBA macros applied to Access, Excel, PowerPoint, Visio, and Word on Windows devices. The change prevented users from enabling these kinds of macros with a single click. The plan is to roll the feature out to Current Channel and then other channels, like the Monthly Enterprise and Semi-Annual Enterprise Channels. It will also be applied to the Long Term Servicing Channel version of Office, including Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013.