- Understand and adjust the Trust Center options to control macro execution and reduce risks.
- Use digital certificates and signatures to guarantee the origin and integrity of the VBA code you are going to run.
- Work with Trusted Locations to minimize alerts without lowering security to unsafe levels.
In Excel, macros are a powerful tool for automating tasks, but they can also be a gateway for malicious code if not managed carefully. Therefore, it's essential to understand how they work. macro security settings, what options are available and when it is appropriate to enable them or not.
In this guide you will find everything you need to navigate with ease: from the Trust Center and the various security politics...even digitally signing VBA projects with certificates (including how to create your own with SelfCert). You'll also see what to do when you get the "Microsoft has blocked macros because the source of this document is not trusted" message, which is very common in files downloaded or shared via OneDrive. We'll get straight to the point, with clear explanations and indicative steps for the most commonly used versions of Excel.
What is a macro and why can it pose a risk?
A macro is, in essence, a sequence of instructions (usually in VBA, Visual Basic for Applications) that automates repetitive actions: updating pivot tables, hiding rows, recording transactions, etc. So far, so good. The problem arises when a macro contains malicious code capable of modifying files, downloading malware or manipulate data without you realizing it; hence, Excel is conservative by default and block or notify before executing them.
It is useful to distinguish between two historical families of macros in Excel: the macros of VBA, the most common today, and the excel macros 4.0 (XLM), prior to VBA. The latter are disabled by default in modern versions and only run if you explicitly enable the corresponding option. Naturally, each type of macro is subject to Security controls specific to the Trust Center.
Digital signatures and certificates: authenticity and integrity (Microsoft Authenticode)
To increase the level of trust, Office uses technology Microsoft Authenticodewhich allows you to digitally sign a macro project or a file. The digital signature serves two purposes: to confirm that the content comes from the signer (authenticity) and to guarantee that It has not been modified from the signature (integrity). If a signed document is altered, the signature becomes invalid and Excel will notify you.
Where do I get the certificate to sign? You can get it from one certification authority (CA) For commercial purposes, request it from your security administrator or IT team, or, if you need it for internal testing, create it yourself using the SelfCert.exe tool. Certificates issued by a CA that is in the Microsoft Root Certificate Program are more readily recognized within the ecosystem. Windows, which facilitates trust validation.
It is also possible to generate a self-signed certificate with SelfCert.exe (Very useful for development or personal environments). Keep in mind that a custom certificate will not automatically be considered fully trusted on all devices: the user or organization will need to verify it. trust the editor explicitly so that the signed macro runs without further warnings.
Once the certificate is installed, you can go to your VBA project and sign it. From that moment on, if the signature is valid and the editor is trusted, Excel will allow you to run the code without blocking it. Signing is not a technical whim: it's a security bar which helps ensure that only identifiable and unmanipulated code circulates and facilitates audit changes in Excel files.
Convert a document to a trusted format to enable macros
If the classic warning bar appears when you open a workbook, you can convert that document to trusted status. The typical workflow in Excel involves pressing Enable content in the message bar and, when the security warning appears, confirm that you want to trust the documentThus, the macros in that file will run without further prompts on subsequent openings.
This is very practical when you always work with the same templates from a well-known source. If you ever regret it, you can revoke the trust by deleting the reliable documents from the Trust Center. Note that on devices managed by your organization, the administrator may prevent you from modifying certain security settings to maintain a homogeneous policy.
Change macro settings in the Trust Center
The heart of macro security lies in the Trust CenterTo get there: File > Options > Trust Center > Trust Center Settings > Macro Settings. From there, you choose the level of restriction that best suits your context (personal, corporate, development, etc.).
- Disable all macros without notificationExcel blocks all macros and does not display warnings. In this mode, macros will only be executed from a specific location. Trusted locationIn Excel it appears as “Disable VBA macros without notification” and applies to VBA.
- Disable all macros with notificationThis is the default option. The file opens with a warning, and you decide whether to proceed. enable the content for that session (or make the document reliable).
- Disable all macros except digitally signed onesOnly macros signed by a publisher you have previously trusted are allowed; unsigned macros will trigger errors. alertsIn Excel, it appears as "Disable VBA macros except those that are digitally signed."
- Enable all macros (not recommended)Excel runs macros without asking. It's the most convenient option. insecure and it only makes sense in isolated or controlled test environments.
In addition, Excel includes a selector for the old XLM macros: “Enable Excel 4.0 macros when VBA macros are enabled”If you do not check this box, XLM will be disabled without notification. This is an additional control for minimizing [the use of XLM]. attack surfaces inherited.
Finally, there is the box “Trusting access to the VBA project object model”This option allows automated external programs to manipulate the VBA environment (for example, by generating code). It's best to leave it enabled. disabled and enable it only when a trusted solution truly needs it.
Blocking macros from the internet in Excel 365 and the OneDrive warning
Since 2022, Microsoft has tightened its policy for files with an “Internet brand” (downloaded from email, the web, etc.). In those cases, you will see messages like:Security riskMicrosoft has blocked the macros because the source is untrusted. This is normal and part of the strategy to stop their execution. potentially dangerous code.
If the file comes from a reliable source and you need to use its macros, a quick way is to save the file locally, right-click on it, and open it. Properties and check the "Unblock" box on the General tab. When you reopen it, Excel will allow you to run macros (provided your security settings permit it). This operation removes the mark indicating that the file comes from Internet.
In the case of books shared by OneDrive via a link, sometimes the file retains that mark. If you don't see the "Unlock" box, save a copy to your computer and repeat the process, or add one. Trusted location (local folder) and work from there. Another corporate alternative is to digitally sign the project with a certificates from a trusted publisher in your organization.
If the computer is managed by your company (for example, with group policies), some options may be blocked. In that case, consult your support team. IT team so that they can assess establishing trusted network locations or mandatory signature policies and review the Google Workspace vs Microsoft 365 comparisonso that you can work with macros without compromising overall security.
Enable macros depending on your version of Excel
Although the Trust Center is the universal route in recent versions, depending on the edition you're using, you'll see slight interface variations. Here's an overview with best practices. recommended for each case.
Excel 2010, 2013, 2016, 2019
When you open a file with macros, the yellow bar with the button usually appears. “Enable content”If you trust the source, click and you're done. If you want to change the default policy, go to File > Options > Trust Center > Trust Center Settings > Macro Settingsand select the level that suits you.
For convenience, many people enable “Enable all macros,” but this is a bad idea except in isolated environments. It is preferable to keep “Disable with notification"and use trusted documents or locations for the files you really need to automate on a daily basis."
Excel 2007
In this version, when you open a workbook with macros you will see the Message bar with a security warning; tap “Options” and choose “Enable content” if you trust the file. To modify the general policy, tap the Office button (top left) > Excel Options > Trust Center > Settings > Macro Settings.
Here too it is tempting to activate “enable all macros"to avoid seeing alerts, but remember: trusted locations solve that problem without opening the door to any code."
Excel 2000 and 2003 (legacy environments)
If you're still using very old versions, the path is Tools > Macros > SecurityMany people used to choose "Low" to avoid notifications, but this is now discouraged. If you rely on these settings, consider moving your files to a folder. of trust and consider an upgrade to benefit from modern controls.
Trusted locations: folders where macros run without warning
A safe and convenient way to work with reliable macros is to create a Trusted locationAny file opened from that folder will be considered trusted and will not display warnings, even if the general policy is set to “Disable with notification.” This is especially useful when downloads templates from trusted authors or you work with standard corporate documentation.
To add a location: open Excel and go to Developer > Macro security Trusted Locations > Add New Location > Browse. Select your folder (for example, “TRUSTFUL FILES”) and confirm. From that moment on, any workbook with macros that you save there will open without locks.
This approach solves two typical scenarios: a file created by you (or your team) and one downloaded from the internet. In both cases, if you place them in the trusted folder, Excel will treat them as safe and allow you to run the code without displaying the warning. to maximise security and your enjoyment. every time.
Other key options: Excel 4.0 (XLM) and access to the VBA object model
Regarding Excel 4.0 macros: as a general rule, keep them disabled Unless you have a clear need and fully understand its origin. If you enable “Enable Excel 4.0 macros when VBA macros are enabled,” remember that this decision applies to all files, so consider its impact on your environment. to maximise security and your enjoyment..
Regarding “Trust access to the VBA project object model”: leave the box unchecked, unless a plugin or script trusted requires automating Excel through the environment of VBAAllowing that access opens a door to external automations that, if misused, can be problematic.
How to react to the message “Microsoft has blocked macros because the source is not trusted”
This notice appears frequently with books shared by OneDriveemail attachments or web downloads. If you know and trust the author, you have several safe alternatives: mark the file as “Unblocked” in Properties, move it to a Trusted locationOr, even better, use a book digitally signed by a publisher that your team has marked as trustworthy.
On a shared PC, the cleanest approach is to establish a trusted local folder and open files from there only if their origin is verified. If you manage the computer, you can also define trusted locations at an organizational level or enforce specific requirements. digital signatures to all macro projects. This way, you reduce alerts and maintain control.
Best practices to avoid "taking risks" with macros
A little digital hygiene works wonders. Here are some simple guidelines to avoid surprises with macros and, at the same time, take advantage of their potential without unnecessary friction, promoting safe and Management.
- Enable macros only when trust at the source. If you have any doubts, don't activate the content and consult the author.
- He prefers documents digitally signedIf the signature is valid and the publisher is trustworthy, you have much more guarantees.
- Works with Trusted Locations For recurring templates. You'll avoid warnings without lowering the security bar.
- Keep access to the object model of VBA unless a legitimate workflow requires it.
- Do not use “enable all macros"as a permanent policy. It's a dangerous shortcut."
- Update Office and your antivirus, and check the origin of the files before opening them.
Resources and related topics that may interest you
If you want to learn more, you can review content on how to change the macro security settings in Excel with more examples, guides of “Quick start"Create a macro in Excel", procedures for block suspicious macros in editions such as Windows 10 S and informational material on how the malware It can infect a computer. All of this will help you understand the reasons behind these policies and implement best practices.
The key is to combine convenience and security with sound judgment: use digital signatures (or your own certificates for testing), rely on trusted locations, keep unnecessary features disabled (such as XML or programmatic access to VBA), and decide on a case-by-case basis when to implement them. enable contentWith these guidelines, macros will continue to be an ally for your productivity without becoming a headache.
Passionate writer about the world of bytes and technology in general. I love sharing my knowledge through writing, and that's what I'll do on this blog, show you all the most interesting things about gadgets, software, hardware, tech trends, and more. My goal is to help you navigate the digital world in a simple and entertaining way.