Aaron Card is the Digital Forensics and Incident Response (DFIR) Lead, US at NTT Ltd.
If you are an organization that absolutely must use macro functionality to function, then I suggest running all functionality and users in virtual desktop environments to greatly limit any spread or damage from macro malware that persists.
Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.