Microsoft Introduces Baseline Security Mode to Strengthen Microsoft 365 Security
In December 2025, Microsoft began deploying a new security feature called Baseline Security Mode across Microsoft 365 tenants. This feature, announced at Ignite 2025, provides administrators with a centralized dashboard within the M365 Admin Center to manage and enforce recommended security configurations for key services, including Office, SharePoint, Exchange, Teams, and Entra.
Overview of Baseline Security Mode
Baseline Security Mode is designed to help organizations quickly identify and mitigate security vulnerabilities by offering a streamlined approach to implementing risk-based hardening measures. By leveraging Microsoft’s extensive threat intelligence and over two decades of response center data, this feature enforces 18 to 20 security policies across three core areas: authentication, file protection, and application security.
Authentication Policies
The authentication component includes 12 policies aimed at enhancing user verification processes. Key measures include:
– Blocking Legacy Protocols: Disabling outdated authentication methods such as basic authentication, Exchange Web Services (EWS), and IDCRL to reduce exposure to credential-based attacks.
– Mandating Phishing-Resistant Multi-Factor Authentication (MFA): Requiring administrators to use advanced MFA methods like FIDO2 or passkeys, which offer stronger protection against phishing attempts compared to traditional MFA approaches.
File Protection Measures
To safeguard against malicious content and unauthorized data access, Baseline Security Mode implements several file protection policies:
– Restricting Insecure Document Access: Preventing the opening of documents through insecure protocols such as HTTP and FTP, as well as disabling features like ActiveX, Dynamic Data Exchange (DDE), and legacy formats outside of Protected View.
– Disabling Vulnerable Applications: Phasing out tools like Microsoft Publisher ahead of its planned retirement in 2026 to eliminate potential security risks associated with outdated software.
Application Security Enhancements
The feature also focuses on bolstering application security by:
– Enforcing Secure Defaults: Applying default security settings that align with best practices to minimize the risk of misconfigurations.
– Providing Impact Reports: Allowing administrators to run simulations and generate reports to assess the potential impact of security policy changes before implementation, ensuring informed decision-making.
Deployment and Accessibility
As of December 2025, Baseline Security Mode is being gradually introduced to select Microsoft 365 tenants, with full global rollout expected by late January 2026. Administrators can access this feature by navigating to the M365 Admin Center under Org Settings > Security & Privacy.
To activate Baseline Security Mode, administrators with Security or Global roles can choose between two options:
1. Automatically Apply Default Policies: This option enforces seven low-impact controls immediately, providing a quick way to enhance security without significant disruptions.
2. Generate Report: This option allows administrators to simulate the application of all policies, review audit-based impact data within 24 hours, and make informed decisions before implementing changes.
Importantly, no changes are applied to the tenant until they are explicitly approved by the administrator, ensuring that security enhancements are implemented thoughtfully and without unintended consequences.
Addressing Common Security Challenges
Baseline Security Mode aims to tackle prevalent security issues such as misconfigurations that can lead to credential stuffing, phishing, and supply chain attacks. By simplifying the enforcement of security policies across multiple services, it helps organizations proactively defend against emerging threats, including those driven by artificial intelligence.
Future Developments
Microsoft plans to expand Baseline Security Mode to include additional services such as Purview, Intune, and Azure. This expansion aligns with the company’s Secure Future Initiative, which focuses on enhancing security measures to protect against evolving cyber threats.
Conclusion
The introduction of Baseline Security Mode represents a significant step forward in Microsoft’s efforts to provide organizations with robust, centralized tools for managing security across their Microsoft 365 environments. By offering a secure-by-default model and addressing common misconfigurations, this feature empowers administrators to strengthen their security posture and better protect their organizations against a wide range of cyber threats.
