Daily Shaarli

All links of one day in a single page.

Today - December 16, 2025

MC1193689 - Microsoft baseline security mode for Office, SharePoint, Exchange, Teams, and Entra

Summary
Baseline Security Mode centralizes Microsoft’s recommended security standards for Office, SharePoint, Exchange, Teams, and Entra. Rolling out from November 2025 to March 2026, it provides admins with a dashboard to assess and improve security posture using impact reports and risk-based recommendations, with no immediate user impact.

More information
Introduction

Baseline Security Mode is a centralized experience that helps you meet Microsoft’s recommended security standards across Office, SharePoint, Exchange, Teams, and Entra. It leverages Microsoft’s threat intelligence and insights from two decades of Microsoft Response Center cases to strengthen your organization’s security posture and prepare for evolving AI-driven threats.

When this will happen:

Public Preview: Rollout begins mid-November 2025 and completes by late January 2026.
General Availability (Worldwide): Rollout begins mid-November 2025 and completes by late January 2026.
General Availability (GCC): Rollout begins early January 2026 and completes by late January 2026.
General Availability (DoD): Rollout begins early February 2026 and completes by late February 2026.
General Availability (GCCH): Rollout begins early March 2026 and completes by late March 2026.

How this affects your organization:

Who is affected: Global admins and security admins managing Microsoft 365 tenants across Office, SharePoint, Exchange, Teams, and Entra.

What will happen:

A new Baseline Security Mode dashboard will be available in the Microsoft 365 admin center.
Admins can view the tenant’s current security posture compared to Microsoft’s recommended minimum security bar.
Admins can run impact analysis reports to assess changes before applying them.
Recommendations will be grouped by risk level, with statuses such as “At risk” or “Meets standards.”
No immediate user impact unless admins apply changes.

What you can do to prepare:

Navigate to Microsoft 365 admin center > Settings > Org Settings > Security & privacy > Baseline Security Mode.
Review recommendations marked as “At risk.”
Initiate an impact report to understand potential changes.
Apply recommendations to bring your tenant to “Meets standards.”
Communicate upcoming changes to your helpdesk or security teams.

Learn more: Baseline security mode settings | Microsoft Learn

Compliance considerations:

No compliance considerations identified; review as appropriate for your organization.

Flaw in photo booth maker’s website exposes customers’ pictures | TechCrunch

techcrunch.com
Lorenzo Franceschi-Bicchierai
7:37 AM PST · December 12, 2025

Hama Film makes photo booths that upload pictures and videos online. But their back-end systems have a simple flaw that allows anyone to download customer pictures.

A company that makes photo booths is exposing pictures and videos of its customers online thanks to a simple flaw in its website where the files are stored, according to a security researcher.

The researcher, who goes by Zeacer, alerted TechCrunch to the security issue in late November after reporting the vulnerability in October to Hama Film, the photo booth maker that has franchise presence in Australia, the United Arab Emirates, and the United States, but did not hear back.

Zeacer shared with TechCrunch a sample of pictures taken from Hama Film’s servers, which showed groups of clearly young people posing in photo booths. Hama Film’s booths not only print out the photos like a typical photo booth, but booths also upload the customers’ photos to the company’s servers.

Vibecast, which owns Hama Film, has yet to respond to his messages alerting the company of the issues. Vibecast also hasn’t responded to several requests for comment from TechCrunch, nor did Vibecast’s co-founder Joel Park respond to a message we sent via LinkedIn.

As of Friday, the researcher said the company has still not fully resolved the security flaw and continues to expose customers’ data. As such, TechCrunch is withholding specific details of the vulnerability from publication.

When Zeacer first found this flaw, he noted that it appeared that photos were deleted from the photo booth maker’s servers every two to three weeks.

Now, he said, the pictures stored on the servers appear to get deleted after 24 hours, which limits the number of pictures exposed at any given time. But a hacker could still exploit the vulnerability he discovered each day and download the contents of every photo and video on the server.

Before this week, Zeacer said at one point he saw more than 1,000 pictures online for the Hama Film booths in Melbourne.

This incident is the latest example of a company that, at least for a time, was not implementing certain basic and widely accepted security practices, such as rate-limiting. Last month, TechCrunch reported that government contractor giant Tyler Technologies was not rate-limiting its websites used for allowing courts to manage their jurors’ personal information. This meant anyone could break into any juror’s profile by running a computer script capable of mass-guessing their date of birth and their easy-to-guess numerical identifier.