Microsoft to Disable ActiveX Controls in Office 365 and 2024

According to a product announcement released by Microsoft, the company plans to begin disabling all ActiveX controls in Microsoft 365 and Microsoft Office 2024 on Windows 10 and 11 starting at the end of this month. By default, these controls will be blocked unless users manually configure their systems to allow them.

Originally introduced in 1996, ActiveX is a software framework that enables developers to embed interactive objects within Microsoft Office applications, allowing for advanced functionalities—such as executing embedded code.

However, this very capability has also made ActiveX a favored vector for cybercriminals and phishing campaigns. Malicious actors have exploited ActiveX to embed harmful code in documents, luring users into triggering remote backdoors or downloading other forms of malware.

In an effort to enhance security, Microsoft will now block the execution of ActiveX controls across all Office components without issuing any warning prompt. (Previously, such controls were disabled by default but accompanied by a notification banner.) This change is intended to prevent users from unknowingly activating harmful content.

That said, Microsoft acknowledges that some enterprises and advanced users still rely on ActiveX controls. For these cases, users can manually re-enable ActiveX functionality—but doing so may introduce security risks, which should be carefully weighed by IT administrators.

Steps to Re-enable ActiveX Controls in Office:

1. Select File, then Options.
2. Select Trust Center, then the Trust Center Settings button.
3. Select ActiveX Settings, then make sure Prompt me before enabling all controls with minimal restrictions.
4. Select OK, then OK again to save your settings and go back to your document.

Once completed, ActiveX controls will be re-enabled across all Office components. If certain applications, such as Excel, still fail to run ActiveX controls, the trust settings may need to be configured individually for each specific program.

Previously, Microsoft also disabled VBA macros by default within Office. Like ActiveX, macros can extend Office functionality but also pose security concerns. Users who wish to enable macros must also do so manually through the Trust Center settings.

Related Posts:

• Microsoft Announces Microsoft 365 for the U.S. Gov: Offering a Complete Office Solution

About The Author

Ddos

Ddos is a seasoned news reporter, bringing over a decade of expertise to the forefront of cyber security and technology reporting. My work provides timely and insightful analysis of emerging trends and critical developments in these rapidly evolving sectors.

See author's posts