How to Configure Microsoft 365 Macro Settings for Essential Eight Compliance

If you’re running a business in Australia, especially in sectors like law, healthcare or finance, you’ve probably heard about the Essential Eight cybersecurity framework. It’s a set of strategies recommended by the Australian Cyber Security Centre (ACSC) to help organisations reduce their risk of cyber threats. One of these eight pillars focuses on controlling Microsoft Office macros — and that’s what we’ll dig into today.

Why Macros Matter

Macros in Microsoft 365 are essentially small scripts or bits of code embedded in documents like Excel spreadsheets or Word files. They’re often used to automate repetitive tasks. Handy? Absolutely. But they can also be used by cybercriminals to carry out attacks. Imagine opening what looks like a harmless invoice sent via email — but it’s really a trojan horse loaded with malicious macros. That’s why the ACSC recommends either disabling macros entirely or allowing only digitally signed ones.

Step-by-Step: Configuring Macro Settings for Compliance

Let’s walk through how to get your macro settings in line with Essential Eight recommendations in a Microsoft 365 environment.

1. Use Group Policy or Intune for Central Control

If you’ve got a larger team or multiple devices, configuring macro settings manually on each computer is a nightmare. Instead, use Microsoft Intune or Group Policy Objects (GPO) to enforce consistent settings across your organisation. If you’re using Microsoft Intune, it’s even easier to manage from the cloud.

2. Disable All Macros by Default

In Group Policy, head to:

User Configuration → Administrative Templates → Microsoft Office → [App Name] → Security Settings → Macro Settings

Choose “Disable all macros without notification” to block macro execution entirely. This is the most secure option and aligns with the highest maturity level of the Essential Eight.

3. Allow Only Digitally Signed Macros (Optional Middle Ground)

If your business relies on macros, consider the option “Disable all macros except digitally signed macros”. This setting allows macros to run only if they’ve been signed with a trusted certificate.

Make sure your team knows how to create and use digital certificates. This approach gives you functionality without opening the door to malicious code.

4. Block Macros from the Internet

Microsoft 365 has a built-in feature to block macros in files downloaded from the internet. This adds another layer of protection if someone accidentally opens a dodgy attachment.

For this to work, ensure the “Mark of the Web” (MOTW) is respected by your systems. Files with this marker will have macros blocked unless explicitly allowed.

5. Educate Your Team

Tech settings only go so far. Your people need to understand why macros are risky. Incorporate this into your cybersecurity training and make sure everyone knows to avoid enabling macros in untrusted documents.

A Real-World Story

We recently worked with a mid-sized Brisbane accounting firm. They’d been using macros daily for reporting processes, but they had no restrictions in place. One staff member opened a spreadsheet sent from a ‘client’ and unknowingly triggered a malicious macro. Luckily, the damage was limited, but it was a close call. We helped them roll out Intune policies to restrict macros to only those signed with internal certificates — a move that saved them a lot of stress down the track.

Checking Your Settings

Not sure where your business stands? Run a quick audit. If users can enable macros without restriction, it’s time to take action. We can help you assess your current defences through a cybersecurity risk assessment tailored to Essential Eight requirements.
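The "quick audit" above, and the Group Policy settings from steps 2 to 4, can be checked from a managed workstation with the following PowerShell script. It is an added example, not code from the original post or from Gray Area Consulting, and it assumes Microsoft 365 Apps (the Office 16.0 registry branch) with policy delivered through GPO or Intune, which write the VBAWarnings and blockcontentexecutionfrominternet values under HKCU\Software\Policies.

```powershell
# Added audit example (not from the original post). Reads the per-user Office
# policy values that the "Macro Settings" and "Block macros from running in
# Office files from the Internet" policies write, and rates each app against
# the Essential Eight guidance described above.
# Assumption: Microsoft 365 Apps, registry branch 16.0, policy applied via HKCU.

$Apps = @('Word', 'Excel', 'PowerPoint')

# Meaning of the VBAWarnings value as written by the Macro Settings policy.
$VbaWarningMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-OfficeMacroPolicy {
    param([Parameter(Mandatory)][string]$App)
    $key  = "HKCU:\Software\Policies\Microsoft\Office\16.0\$App\Security"
    $vba  = $null
    $motw = $null
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        $vba   = $props.VBAWarnings
        $motw  = $props.blockcontentexecutionfrominternet
    }
    # Rate against the post's recommendations: 4 is the strictest setting,
    # 3 is the "signed macros only" middle ground, anything else leaves the
    # decision to the user (or no policy is applied at all).
    $status = if ($vba -eq 4)     { 'Compliant (macros fully disabled)' }
              elseif ($vba -eq 3) { 'Compliant (signed macros only)' }
              else                { 'Not compliant (user can enable macros)' }
    $setting = if ($null -ne $vba -and $VbaWarningMeaning.ContainsKey([int]$vba)) {
                   $VbaWarningMeaning[[int]$vba]
               } else { 'Not configured by policy' }
    [pscustomobject]@{
        App               = $App
        VBAWarnings       = $vba
        Setting           = $setting
        BlocksInternetMacros = ($motw -eq 1)   # Mark of the Web enforcement
        Status            = $status
    }
}

# Overall verdict: every app must be rated compliant AND block internet macros.
function Test-EssentialEightMacroPolicy {
    $report = $Apps | ForEach-Object { Get-OfficeMacroPolicy -App $_ }
    $report | Format-Table -AutoSize
    return -not ($report | Where-Object { $_.Status -notlike 'Compliant*' -or -not $_.BlocksInternetMacros })
}

Test-EssentialEightMacroPolicy
```

Run it in the context of a standard user account (not an elevated admin session) so that it reads the same HKCU policy branch the user's Office applications consult.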

Need a Hand?

At Gray Area Consulting, we help Aussie businesses implement practical, no-fuss cybersecurity measures that align with frameworks like the Essential Eight. Whether it’s locking down macros or setting up a broader cybersecurity plan, we’ve got your back.

Ready to tighten your macro settings the smart way? Get in touch and let’s chat about how we can make your Microsoft 365 environment safer and more compliant.

Get started today, it's easy

1. Talk to us

2. Schedule a Risk Assessment

3. Secure your business