Excel for Mac: Security Settings in Excel for Mac

This week in our series about Microsoft Excel for Mac, we cover the security settings that are available to protect data from malicious actions i.e. cyber threats.

How trusting are you?

Since Excel has deep and rich capability for automation, and it’s used by millions and millions around the world, it is a target for cyber threats.  Much of the way to protect yourself and your organization relies on trust, and Microsoft has built a detailed ‘Trust Center’ into its applications on Windows.  However, the ‘Trust Center’ isn’t available in Excel for Mac, so we’ll share the important capabilities that are available and how to use them.

Overview of the attack surface

VBA macros are the most obvious and significant feature of Excel that expose a potential for malicious action, and this is nothing new.  Over the years, attackers have become more and more sophisticated, so Microsoft and users of Excel have needed to react with more vigilence to avoid the threat.  VBA macros can automate a wide variety of tasks, not only in Excel, but on your computer.  A successful attacker could do serious damage in a similar way to other types of malware.  For example, the macro could behave like ransomware by stealing your data or exposing it on the internet.  It could gain access to your contact list, and perhaps even replicate itself by emailing the malicious workbook from your account.

Security options in Excel for Mac

Even though the full ‘Trust Center’ isn’t available on Mac, some of the functionality from it is available, and you should familiarize yourself with it.

The first is ‘Macro Security’, where you may choose from one of three [3] simple options.  The default options is ‘Disable all macros with notification’:

 If this option is enabled, then any time you open a workbook that includes a macro, you’ll get a warning and have the option to  ‘Disable Macros’ or ‘Enable Macros’.  This is like Windows, except that you can’t choose to “always trust” a document.  Therefore, you’ll need to respond to this warning each time.

The most secure option on the Security dialog is to ‘Disable all macros without notification’. You won’t be prompted to enable or disable, so you can’t fall victim to someone who’s trying to trick you into clicking the ‘Enable Macros’ button.

The other option is to ‘Enable all macros (not recommended; dangerous code can run)’.  As this option makes clear, this is not recommended, since it leaves you most susceptible to an attack.  If you’re only opening trusted files, and you don’t like to get the alert each time you open a file, then it can be used, but be vigilant.

Another important option on the Security dialog is in the ‘Developer Macro Settings’ section.  ‘Trust access to the VBA project object model’ is disabled (unchecked) by default and it’s recommended to keep it that way unless you’re developing an add-in or macros that require access to the VBA development environment and object model.  We covered the ‘Document Specific Settings’last week.

Administrative options

Microsoft does offer a few more options, but they aren’t available from within the Excel preferences on Mac.  Administrators can control the settings shown in the Excel preferences as well as a few that are not in the preference panel.

Microsoft has an article that goes into detail about each of the settings and how to enable or disable them - Set preferences for macro security in Office for Mac - Microsoft 365 Apps | Microsoft Learn.

Word to the Wise

Only enable macros if you trust the source of the workbook.

We hope you found this topic helpful. Check back for more details about Excel for Mac and how it’s different to Excel for Windows.