ActiveX soon disabled by default in Microsoft 365



 Microsoft 365 Insider Blog:

Hi, Insiders! My name is Zaeem Patel, and I’m a Product Manager on the Office Security team. I’m excited to share an update to one of our default settings in Microsoft 365 that will help keep everyone’s files more secure!

ActiveX disabled by default in Microsoft 365​

ActiveX is a powerful technology that enables rich interactions within Microsoft 365 applications, but its deep access to system resources also increases security risks.

Starting this month, the Windows versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Visio will have a new default configuration for ActiveX controls: Disable all controls without notification.

The previous default setting, Prompt me before enabling all controls with minimal restrictions, allowed you to enable potentially dangerous ActiveX controls, which could be exploited by attackers through social engineering or malicious files. The new default setting is more secure because it blocks these controls entirely, reducing the risk of malware or unauthorized code execution.

How it works​

  1. Open a file that contains ActiveX controls.
  2. Notice a business bar appears at the top that reads BLOCKED CONTENT: The ActiveX content in this file is blocked, with an option to learn more.

    A banner that reads BLOCKED CONTENT The ActiveX content in this file is blocked.


    NOTE: This notification will only appear if you have not manually set the ActiveX settings in the Trust Center prior to this default change. When ActiveX is disabled, you will no longer be able to create or interact with ActiveX objects in Microsoft 365 files. Some existing ActiveX objects will still be visible as a static image, but it will not be possible to interact with them.
  3. To re-enable ActiveX in a file, select File > Options > Trust Center, then select the Trust Center Settings button.
  4. In the Trust Center dialog box, select ActiveX Settings > Prompt me before enabling all controls with minimal restrictions, and then select the OK button.
NOTE: If the ActiveX settings page is greyed out, it means your admin has configured this policy centrally. Please contact your admin for support. Admins can enable ActiveX for their tenant in Group Policy Editor by selecting Group Policy Path > User configuration > Administrative templates > Microsoft Office 2016 > Security Settings > Disable All ActiveX > Disabled. Or, cloud policies may be deployed with the Cloud Policy. Learn more about Cloud Policy service for Microsoft 365.

Additional information can be found on the support page.

Availability​

ActiveX being disabled by default for Microsoft 365 will begin rolling out to users running Version 2504 (Build 18730.20030) or later from April 2025.

Feedback​

We’d love to know your thoughts about this new security default. You can send us your feedback by going to File > Feedback in any Microsoft 365 app.


 Source:

ActiveX disabled by default in Microsoft 365

This update to a default setting in Microsoft 365 will help keep everyone’s files more secure.
techcommunity.microsoft.com
 
Click to expand...
You must log in or register to reply here.

Similar threads

  • Article Article
Microsoft introducing Researcher and Analyst in Microsoft 365 Copilot
Replies
0
Views
228
Brink
Brink
  • Article Article
What is new in Microsoft 365 Copilot for January 2025
Replies
0
Views
162
Brink
Brink
  • Article Article
Copilot is now included in Microsoft 365 Personal and Family
Replies
1
Views
2K
Brink
Brink
  • Article Article
You Can Now Diagnose Safe/Blocked Senders Issues in Microsoft 365
Replies
0
Views
160
Brink
Brink
  • Article Article
Fixed: Product Deactivated error in Microsoft 365 Office apps
Replies
0
Views
250
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom