Microsoft has integrated all the Office apps with Antivirus to prevent macro malware attacks. The company is using Antimalware Scan Interface (AMSI) to tackle VBA macros embedded in documents.
When a potentially high-risk function or method (a trigger; for example, CreateProcess or ShellExecute) is invoked, Office halts the execution of the macro and requests a scan of the macro behavior logged up to that moment, via the AMSI interface.
Microsoft future notes that the solution might not be perfect but it’s better to have nothing. That said since Microsoft is using ATP and Windows Defender, the results can be shared and can block new threats. The Office AMSI integration is turned on by default in all Office 365 applications that support VBA macros, including Word, Excel, PowerPoint, and Outlook. Microsoft will scan all the Macros unless they’re signed by a trusted party or they’re opened in a trusted location.