Excel's macro security settings determine whether VBA code runs when a workbook opens. After migrating from .xls to .xlsm, users may encounter macro warnings or disabled macros that didn't appear before. Here's what the settings mean and how to configure them correctly.
Found at: File > Options > Trust Center > Trust Center Settings > Macro Settings
| Setting | What It Does | When to Use |
|---|---|---|
| Disable all macros without notification | Macros silently blocked — no prompt, no yellow bar | High-security environments only; most users shouldn't use this |
| Disable all macros with notification | Yellow bar appears asking to enable macros | Default for most users — good balance of security and usability |
| Disable all macros except digitally signed | Only macros with a valid code-signing certificate run automatically | Enterprise environments with a code signing infrastructure |
| Enable all macros | All macros run without prompts | Only for isolated development machines — not production |
The recommended setting for most users is "Disable all macros with notification." This is secure (unsigned macros don't run automatically) but usable (you see a prompt and can choose to enable).
When Excel shows a yellow bar with "Enable Content," it's telling you a macro-containing file is present and asking for permission. Click Enable Content to allow macros for that session.
If you're tired of seeing this bar every time you open a trusted internal file, the solution is Trusted Locations — not disabling macro security entirely.
A Trusted Location is a folder (or network path) where Excel automatically allows macros to run without the yellow bar prompt. Any file opened from a Trusted Location is treated as safe.
To add a Trusted Location: File > Options > Trust Center > Trust Center Settings > Trusted Locations > Add new location.
For network paths, check "Subfolders of this location are also trusted" and check "Network locations can be used as trusted locations" (disabled by default).
After migration: If your .xls files were in a folder users trusted, add the equivalent folder with .xlsm files as a new Trusted Location.
Windows 11 applies a "Mark of the Web" flag to files downloaded from the internet, email, or certain network shares. Even if your Trust Center settings allow macros, a file with MOTW will be blocked by Windows itself.
The fix: right-click the file > Properties > check Unblock. Or, for files stored on a network share, add that share to Internet Explorer's (or Edge's) Trusted Sites zone — this removes MOTW from files accessed from that location.
For organizations managing Excel settings across many machines, macro security settings can be enforced via Group Policy (ADMX templates for Microsoft 365 are available from Microsoft). This allows IT to set a consistent security baseline without per-user configuration.
Key GPO settings: User Configuration > Administrative Templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center
LegacyLeaps's scan report identifies Mark of the Web flags and Trust Center issues alongside VBA compatibility problems — one report, all issues visible.
Run Free ScanPractical fixes for legacy Excel and Access problems. No spam.