Does "=cmd" CSV injection still exist in 2020?

Finally found the reason why the payload were not executing: DDE launch was disabled in Excel options.

If someone has the same issue, this setting can be found in

File → Options → Trust Center → Trust Center Settings → External Content → Enable Dynamic Data Exchange Server Launch

Reference https://docs.microsoft.com/en-us/office365/troubleshoot/security/security-settings