Microsoft Baseline Security Mode

Keeping on top of security doesn't seem to be getting any easier these days. Thankfully Microsoft have introduced a new quick and easy capability within the Admin Centre to help further secure your tenant(s) under the following points:

• Protect business data

• Prevent business disruption

• Block unsafe end user practices

• Secure internal accounts

• Ensure secure collaboration

Permissions required

Global administrators can view and configure all settings, while workload-specific administrators can manage only their own settings.

• Global Administrator

• Office Apps Administrator

• SharePoint Administrator

• Exchange Administrator

• Teams Administrator

Note: Further information on Baseline Security Mode is available here:

https://learn.microsoft.com/en-gb/microsoft-365/baseline-security-mode/baseline-security-mode-settings?view=o365-worldwide

Microsoft have added some warnings which I highly recommend you read before enabling each option!!

Accessing the Baseline Security Mode Settings

1. Navigate to admin.microsoft.com > Settings > Org Settings > Security & Privacy > Baseline Security Mode

   
   

2. Click on Baseline Security Mode to launch the side panel of default policy recommendations. Here you can either click the box to automatically apply the default policies, or alternatively click on "Open Baseline Security Mode" at the bottom, which I recommend.

3. Upon selecting "Open Baseline Security Mode", a new window will show you all of the options available, along with your current progress to meet the standard.

4. When enabling the Entra ID recommendations, please ensure you exclude your BreakGlass accounts!! To do this, click "exclude specific users".

5. Select your BreakGlass accounts and click the exclude button.

6. Once you've enabled all of the recommendations, the progress bar will automatically update accordingly.

Here's a list of all the recommendations for reference.

If you've found this helpful in anyway, let me know!