Summary
Baseline Security Mode centralizes Microsoft’s recommended security standards for Office, SharePoint, Exchange, Teams, and Entra. Rolling out from November 2025 to March 2026, it provides admins with a dashboard to assess and improve security posture using impact reports and risk-based recommendations, with no immediate user impact.
More information
Introduction
Baseline Security Mode is a centralized experience that helps you meet Microsoft’s recommended security standards across Office, SharePoint, Exchange, Teams, and Entra. It leverages Microsoft’s threat intelligence and insights from two decades of Microsoft Response Center cases to strengthen your organization’s security posture and prepare for evolving AI-driven threats.
When this will happen:
Public Preview: Rollout begins mid-November 2025 and completes by late January 2026.
General Availability (Worldwide): Rollout begins mid-November 2025 and completes by late January 2026.
General Availability (GCC): Rollout begins early January 2026 and completes by late January 2026.
General Availability (DoD): Rollout begins early February 2026 and completes by late February 2026.
General Availability (GCCH): Rollout begins early March 2026 and completes by late March 2026.
How this affects your organization:
Who is affected: Global admins and security admins managing Microsoft 365 tenants across Office, SharePoint, Exchange, Teams, and Entra.
What will happen:
A new Baseline Security Mode dashboard will be available in the Microsoft 365 admin center.
Admins can view the tenant’s current security posture compared to Microsoft’s recommended minimum security bar.
Admins can run impact analysis reports to assess changes before applying them.
Recommendations will be grouped by risk level, with statuses such as “At risk” or “Meets standards.”
No immediate user impact unless admins apply changes.
What you can do to prepare:
Navigate to Microsoft 365 admin center > Settings > Org Settings > Security & privacy > Baseline Security Mode.
Review recommendations marked as “At risk.”
Initiate an impact report to understand potential changes.
Apply recommendations to bring your tenant to “Meets standards.”
Communicate upcoming changes to your helpdesk or security teams.
Learn more: Baseline security mode settings | Microsoft Learn
Compliance considerations:
No compliance considerations identified; review as appropriate for your organization.and risk-based recommendations, with no immediate user impact.
www.politico.com
Katherine Tully-McManus
11/10/2025, 2:01pm ET
Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.
A cybersecurity breach discovered last week affecting the Congressional Budget Office is now considered “ongoing,” threatening both incoming and outgoing correspondence around Congress’ nonpartisan scorekeeper.
Employees at the Library of Congress were warned in a Monday email, obtained by POLITICO, that the CBO cybersecurity incident is “affecting its email communications” and that library staff should take a range of measures to protect themselves.
Library of Congress workers also were told to restrict their communication with the nonpartisan agency tasked with providing economic and budgetary information to lawmakers.
“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email reads.
“Maintain a high level of vigilance and verify the legitimacy of CBO communications by confirming with the sender via telephone that they sent the message,” the note continues.
Congressional staff are in regular communication with CBO regarding scores of legislation and cost estimates the agency prepares for bills in both the House and Senate.
There was no immediate information Monday about the broader implications that a legislative branch office was continuing to experience cybersecurity vulnerabilities.
A CBO spokesperson said last week that officials had taken “immediate action to contain” the breach as officials investigate the incident.
When asked for comment Monday about ongoing issues, the CBO spokesperson referred to the prior statement.
Join Ido Kringel and the Deep Instinct Threat Research Team in this deep dive into a recently discovered, Office-based regex evasion technique
Microsoft Office-based attacks have long been a favored tactic amongst cybercriminals— and for good reason. Attackers frequently use Office documents in cyberattacks because they are widely trusted. These files, such as Word or Excel docs, are commonly exchanged in business and personal settings. They are also capable of carrying hidden malicious code, embedded macros, and external links that execute code when opened, especially if users are tricked into enabling features like macros.
Moreover, Office documents support advanced techniques like remote template injection, obfuscated macros, and legacy features like Excel 4.0 macros. These allow attackers to bypass antivirus detection and trigger multi-stage payloads such as ransomware or information-stealing malware.
Since Office files are familiar to users and often appear legitimate (e.g., invoices, resumes, or reports), they’re also highly effective tools in phishing and social engineering attacks.
This mixture of social credit and advanced attack characteristics unique to Office files, as well as compatibility across platforms and integration with scripting languages, makes them ideal for initiating sophisticated attacks with minimal user suspicion.
Last year, Microsoft announced the availability of three new functions that use Regular Expressions (regex) to help parse text more easily:
Regex are sequences of characters that define search patterns, primarily used for string matching and manipulation. They enable efficient text processing by allowing complex searches, replacements, and validations based on specific criteria.
Informations actuelles de l'administration. Tous les communiqués de l'administration fédérale, des départements et des offices.
OneNote is a software part of the Office suite, commonly used within most organisations for note-keeping, task management and more. In the last year, OneNote gained more attention from a security perspective, mostly thanks to the research paper published by Emeric Nasi.
Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service.
Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:
Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus...
Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities....
Changing Default Behavior
We’re introducing a default change for five Office apps that run macros:
VBA macros obtained from the internet will now be blocked by default.
