Data security and Python in Excel
Applies To
Excel for Microsoft 365Python in Excel is now available to Enterprise and Business users running the Current Channel on Windows, starting with Version 2407 (Build 17830.20128), and Monthly Enterprise Channel on Windows, starting with Version 2408 (Build 17928.20216). It’s available in preview for Family and Personal users running the Current Channel on Windows starting with Version 2405 (Build 17628.20164). Python in Excel is available in preview for Education users running the Current Channel (Preview) through the Microsoft 365 Insider Program. It's not currently available for the Semi-Annual Enterprise Channel.
It's rolling out to Excel for Windows first, and then to other platforms at a later date. For more availability information, see Python in Excel availability.
If you encounter any issues with Python in Excel, please report them by selecting Help > Feedback in Excel.
New to Python in Excel? Start with Introduction to Python in Excel and Get started with Python in Excel.
Python runs in the Microsoft Cloud
Python in Excel runs the Python code used by Excel in a secure container on the Microsoft Cloud with enterprise-level security as a compliant Microsoft 365 connected experience. Working with others on a document stored on OneDrive or using the Analyze Data feature in Excel are other examples of compliant Microsoft 365 connected experiences.
Python in Excel runs in the Microsoft Cloud with the following attributes.
-
Python code runs on hypervisor isolated containers built on Azure Container Instances.
-
The container has Python and a curated set of secured libraries provided by Anaconda.
-
The environment uses the Anaconda Distribution for Python, which contains source-built Python and libraries, provided directly from Anaconda.
-
The Python code doesn't have access to your computer, devices, or account.
-
The Python code doesn't have network access.
-
The Python code doesn't have access to a user token.
-
The Python code can access data through the references via the built-in xl() function as part of a Python formula. This means that Python formulas have access to read cell values within the workbook, based on the cell reference, or values from external data sources, through the Power Query connection name.
-
Python code returns output to your workbooks through the =PY() Excel function, which displays the result of the Python code in the cell where the function is entered. Python functions cannot return other object types like macros, VBA code, or other formulas.
-
The Python code doesn’t have access to other properties in the workbook, such as formulas, charts, PivotTables, macros, or VBA code.
-
The containers stay online as long as the workbook is open or until a timeout occurs.
-
Data isn't persisted in the Microsoft Cloud.
Frequently asked questions
Python in Excel follows the same security policies as Excel when it comes to opening workbooks from the internet or untrusted sources.
If you open a workbook that contains Python code from the internet, Excel Protected View won’t run Python formulas in the workbook. If a workbook is opened with Microsoft Defender Application Guard, Python formulas don’t run by default.
In addition, Python in Excel runs the Python formulas in the untrusted workbook within its own dedicated hypervisor isolated container, helping prevent potential interaction or interference with other Python code running from other open workbooks.
Python in Excel uses containers to run Python code on Azure. Containers are isolated and secure environments that can run applications and services without affecting the rest of the system. To help ensure the security and reliability of the containers, regular updates and patches are applied to them.
Python and the libraries are updated in the following ways to help keep your data secure and your numerical results consistent.
-
Patches are applied to the underlying operating system that the Azure Container Instance runs on. This helps ensure the container is protected from vulnerabilities and exploits that may affect your data. This is done automatically with no input required from you.
Periodic updates of the Python environment will be released, with Python and the libraries provided by Anaconda. These versions include the latest security fixes and enhancements from the Python and Anaconda communities. These releases will be announced through blog posts and documentation. This will be done automatically with no setup required, and Microsoft will default to the latest environment. Existing workbooks will still calculate against the version of the environments the workbook was created on, and users will be prompted to upgrade if there is a newer version. This approach helps ensure that your numerical results stay consistent and allows you and your organization to stay up to date.
Your privacy is important to Microsoft. See the Microsoft privacy statement for more details.
To review the data protection policies of Microsoft 365 connected experiences, see Connected experiences in Microsoft 365.
To review the data protection policies when using Copilot with workbook data, see Data, Privacy, and Security for Microsoft 365 Copilot.
To understand how data sent from your workbook to the container is processed, see Required service data for Office.
Yes, Python in Excel is General Data Protection Regulation (GDPR) and European Union Data Boundary (EUDB) complaint. Customers in the European Union (EU) have their containers run in the EU. Multinational tenants can configure all their containers to run in Europe through the Office Configuration Service. For more information about compliance, see Azure, Dynamics 365, and Microsoft 365 compliance offerings.
Python in Excel doesn’t handle or store any data at rest. Your data is your data. It’s not shared with any third parties, nor used for AI training by Copilot.
No.
Yes. For more information about compliance, see Azure, Dynamics 365, and Microsoft 365 compliance offerings.
User code runs in a hypervisor isolated container under a least privileged account.
Python in Excel assumes everything that is run in the container is malicious and strictly restrict inputs and outputs of the container. You can only access data referenced by the formula. You can only return values or images back.
Python in Excel reserves the right to block anything that is found to break a hypervisor isolation or network boundaries.
Additional considerations
Update the registry to toggle security warnings for Python in Excel
The following commands show how to update the registry to change security warning settings for Python in Excel. Run the commands from an elevated command prompt on a Windows device.
-
Use this command to disable all security warnings. This is the default setting for Python in Excel.reg add HKCU\software\policies\microsoft\office\16.0\excel\security /v PythonFunctionWarnings /t REG_DWORD /d 0 /f
-
Use this command to enable a security prompt when opening a workbook that contains a Python formula. It enables a Security Warning notice in the Excel business bar.reg add HKCU\software\policies\microsoft\office\16.0\excel\security /v PythonFunctionWarnings /t REG_DWORD /d 1 /f
-
Use this command to disable all Python functions from running in the opened workbook. Python functions will return the error #BLOCKED!.reg add HKCU\software\policies\microsoft\office\16.0\excel\security /v PythonFunctionWarnings /t REG_DWORD /d 2 /f
Microsoft will continue to monitor and adjust Python in Excel to keep you and your data safe. This may involve future changes to the user experience and registry settings.
To stay up to date and see the reports of security vulnerabilities affecting Microsoft’s products and services, see the Microsoft Security Response Center Update Guide.