To safeguard customers from fraudulent documents, Microsoft will shortly start deactivating Excel 4.0 XLM macros by default in Microsoft 365 tenancies.
Malicious campaigns that use Excel 4.0 XLM macros include TrickBot, Qbot, Dridex, Zloader, and a variety of others.