Summary
Baseline Security Mode centralizes Microsoft’s recommended security standards for Office, SharePoint, Exchange, Teams, and Entra. Rolling out from November 2025 to March 2026, it provides admins with a dashboard to assess and improve security posture using impact reports and risk-based recommendations, with no immediate user impact.

More information
Introduction

Baseline Security Mode is a centralized experience that helps you meet Microsoft’s recommended security standards across Office, SharePoint, Exchange, Teams, and Entra. It leverages Microsoft’s threat intelligence and insights from two decades of Microsoft Response Center cases to strengthen your organization’s security posture and prepare for evolving AI-driven threats.
When this will happen:

Public Preview: Rollout begins mid-November 2025 and completes by late January 2026.
General Availability (Worldwide): Rollout begins mid-November 2025 and completes by late January 2026.
General Availability (GCC): Rollout begins early January 2026 and completes by late January 2026.
General Availability (DoD): Rollout begins early February 2026 and completes by late February 2026.
General Availability (GCCH): Rollout begins early March 2026 and completes by late March 2026.
How this affects your organization:

Who is affected: Global admins and security admins managing Microsoft 365 tenants across Office, SharePoint, Exchange, Teams, and Entra.
What will happen:

A new Baseline Security Mode dashboard will be available in the Microsoft 365 admin center.
Admins can view the tenant’s current security posture compared to Microsoft’s recommended minimum security bar.
Admins can run impact analysis reports to assess changes before applying them.
Recommendations will be grouped by risk level, with statuses such as “At risk” or “Meets standards.”
No immediate user impact unless admins apply changes.
What you can do to prepare:

Navigate to Microsoft 365 admin center > Settings > Org Settings > Security & privacy > Baseline Security Mode.
Review recommendations marked as “At risk.”
Initiate an impact report to understand potential changes.
Apply recommendations to bring your tenant to “Meets standards.”
Communicate upcoming changes to your helpdesk or security teams.

Learn more: Baseline security mode settings | Microsoft Learn

Compliance considerations:

No compliance considerations identified; review as appropriate for your organization.and risk-based recommendations, with no immediate user impact.

The stock exchange was forced to halt equity trading for several hours on Wednesday due to persistent technical snags.

Environ 97’000 serveurs Exchange dans le monde sont potentiellement concernés par une faille permettant d'effe

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.

(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability

As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.

The charges were part of an intensifying effort by federal law enforcement agencies, in conjunction with European partners, to combat international cryptocurrency schemes and illegal transactions.

The arrest comes as the U.S. ramps up efforts to crack down on attempts by cybercriminals to use cryptocurrency to evade sanctions.

We see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chains. Any customer has enough information to mitigate these bugs. The vendor also released all patches a week ago. This blog post shares the detail

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service.

Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:

Hi, this is a long-time-pending article. We could have published this article earlier (the original bug was reported to MSRC in June 2021 with a 90-days Public Disclosure Policy). However, during communications with MSRC, they explained that since this is an architectural design issue, lots of code changes and testings are expected and required, so they hope to resolve this problem with a one-time CU (Cumulative Update) instead of the regular Patch Tuesday. We understand their situation and agree to extend the deadline.

Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.

Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.