Microsoft plans to block by default VBA macros obtained from the internet in Office on devices running Windows. This will impact Access, Excel, PowerPoint, Visio, and Word, according to a February 7 blog post from the Office product group. The change will begin rolling out in the Current Channel (preview) of Office on Windows and will prevent users from enabling these kinds of macros with a single click.
Over time, Microsoft will move beyond the Current Channel with this change and apply it to other Office distribution channels, like the Monthly Enterprise and Semi-Annual Enterprise Channels. This change also will be applied to the Long Term Servicing Channel version of Office, including Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013.
A message bar noting that a particular downloaded VBA is not trusted will note: "Security Risk: Microsoft has blocked macros from running because the source of this file is untrusted" next to a Learn More button. The Learn More button will take users to an article about the security risk of bad actors using macros, ways to prevent phishing and malware, and instructions for enabling these macros by saving the file and removing the Mark of the Web (MOTW). The MOTW is added to files by Windows when they're from an untrusted location (internet or Restricted Zone).
This article from Microsoft has more information for IT pros/admins about the coming change in macro behavior.