Why Blocking Macros in M365 Is Simple… Unless You Pay for the Wrong License

Macros are one of the oldest attack vectors in the book and somehow still one of the most effective. In this video, I break down what macros actually are, why they’re risky, and how you should be able to block them in Microsoft 365. But here’s the twist:

If you’re an SMB using Microsoft 365 Business Premium, the path to proper macro protection isn’t as straightforward as Microsoft’s marketing might suggest.

In this video, you’ll learn:

- What macros do and why attackers love them

- The difference between “blocking macros” in theory vs in Microsoft 365 reality

- Why Office 365 Apps for Business is missing key protections

- How to configure intune to block macros

If you’re a small or midsize business trying to secure your environment without enterprise tools (or enterprise budget), this one’s for you.

ACSC Macro Disabling Policy

https://github.com/microsoft/Intune-ACSC-Windows-Hardening-Guidelines/blob/main/office/policies/All%20Macros%20Disabled.json

ACSC Office Hardening Policy https://github.com/microsoft/Intune-ACSC-Windows-Hardening-Guidelines/blob/main/office/policies/ACSC%20Office%20Hardening%20Guidelines.json

Microsoft Article on blocking Macros with disclaimer

https://learn.microsoft.com/en-us/microsoft-365-apps/security/internet-macros-blocked#use-policies-to-manage-how-office-handles-macros