Ask any tired admin and they will tell you: good security often means chasing settings across a dozen portals. Microsoft is trying to fix that with Baseline Security Mode, a new, opt-in dashboard inside the Microsoft 365 Admin Center that consolidates default protections for Office, SharePoint, Exchange, Teams and Entra.
A single control plane for scattered settings
The dashboard — first seen in select tenants in December 2025 and announced at Ignite 2025 — presents a tidy promise: stop people from misconfiguring services in ways attackers love. Microsoft is rolling it out globally with a target of late January 2026 for most tenants, and a phased completion through March 2026 for government and regulated clouds including GCC, DoD and GCCH.
Under Org Settings > Security & Privacy, administrators with Security or Global roles will find an option to enable Baseline Security Mode. It is opt-in by design and built to be cautious: admins can let the system automatically apply seven low-impact controls immediately, while running simulations for the remaining policies so teams can see what would break before anything changes for users.
What the baseline enforces
The package bundles 18 to 20 policies across three broad areas. The biggest chunk is authentication controls — about a dozen items that shut down legacy sign-in paths that attackers still exploit. Expect blocking of basic authentication, Exchange Web Services (EWS), IDCRL and similar older protocols, plus a hard push toward phishing-resistant multi-factor authentication for administrators using FIDO2 keys or passkeys.
File and application protections are next. The baseline curbs risky behaviours such as opening Office files over insecure HTTP or FTP, disables ActiveX and Dynamic Data Exchange, and limits legacy file formats outside Protected View. Microsoft has also included the early disabling of Microsoft Publisher, ahead of the app's planned retirement in 2026, citing its vulnerability profile.
Policies are drawn from millions of telemetry signals and roughly two decades of incident response data, Microsoft says. That intelligence is meant to address the kinds of misconfigurations that fuel credential stuffing, phishing and supply-chain intrusions.
Try before you enforce
One of the dashboard's clearest design choices is simulation. Administrators can generate impact reports for the policies that are not automatically applied, and expect audit-based data to appear within about 24 hours. Reports show the users, apps or workflows that would be affected and let teams make targeted exceptions before enforcement. Tenants are labeled with simple status indicators such as At risk or Meets standards, making it easier to prioritize work.
This measure-first approach reduces surprise outages and gives security teams time to plan rollouts — a practical move for organizations that rely on custom flows or legacy integrations.
Where this fits in Microsoft's bigger picture
Microsoft positions Baseline Security Mode as part of the Secure Future Initiative, a broader effort to harden cloud services for an AI-driven threat landscape. The company says future expansions will bring these centralized controls into Purview, Intune and Azure, creating a more cohesive posture across endpoint, data and cloud.
The timing matters: many enterprises are still dealing with fallout from recent update quirks and misconfigurations — everyday headaches that make coordinated rollouts harder. For example, teams that are still juggling recovery prompts after Windows updates will welcome tools that reduce blindspots, especially when those blindspots are what attackers hunt. For context on update-related disruption and admin headaches, see recent coverage of BitLocker recovery prompts and how those incidents ripple through enterprise IT Windows BitLocker recovery prompts.
For defenders, a pragmatic nudge
This is not a silver bullet. Some organizations will need bespoke exceptions; others run legacy applications that require careful migration plans. But by standardizing a secure-by-default posture and giving admins the ability to simulate impact before enforcement, Microsoft is lowering the operational friction of tightening security across sprawling Microsoft 365 estates.
It also ties into the company's other platform moves — from identity-first pushes to new AI models — as Microsoft stitches security into more product layers. Those following Microsoft's broader platform work can see the same integration push reflected in projects like MAI-Image-1 MAI-Image-1.
If you manage Microsoft 365, expect a period of discovery: run the reports, identify legitimate breakage, create scoped exceptions and then flip the remaining switches. For many organizations that daily work of pruning old protocols and enforcing phishing-resistant MFA may be the single most effective thing they do in 2026 to reduce their attack surface.
This feature lands at a simple crossroads: attackers keep using old doors; defenders need fewer keys. Baseline Security Mode aims to change which doors exist.