Microsoft 365 Apps for Enterprise Get Stronger Defenses with Latest Security Baseline
New security baseline strengthens M365 Apps to better protect enterprises from modern threats.
Key Takeaways:
- Microsoft releases security baseline update for M365 Apps for Enterprise version 2512.
- Excel, PowerPoint, and core system settings receive enhanced protections.
- These updates block risky links, insecure protocols, and legacy automation features.
Microsoft is beefing up its enterprise defenses this week with a major security and compliance update for Microsoft 365 Apps for Enterprise version 2512. This new baseline strengthens Excel, PowerPoint, and core system settings to help enterprises stay protected against evolving cyber threats.
Specifically, the latest baseline updates several Microsoft 365 Apps components, especially Excel, PowerPoint, and core system settings. These updates address new attacker techniques, customer feedback, and secure‑by‑design principles.
Excel security enhancements
According to Microsoft, File Block now includes external link files, which prevent external links in blocked workbooks from refreshing. “Attempts to create or update links to blocked files return an error. This prevents data ingestion from untrusted or potentially malicious sources,” Microsoft explained.
Blocking insecure protocols
This new security baseline also blocks all non‑HTTPS protocols when opening documents. This capability helps to eliminate unsafe downgrade paths and enforces TLS‑secure communication across apps and cloud services.
Additional hardening
Lastly, Microsoft’s new security baseline blocks risky automation interfaces such as MSGraph.Application and MSGraph.Chart. Microsoft 365 Apps will render them as static images instead to address a risky automation interface. Moreover, this baseline disables the legacy OrgChart add‑in for security reasons. It also prevents fallback to FrontPage Server Extensions RPC to ensure the usage of modern, authenticated file‑access methods.
Starting this week, administrators can deploy the security baseline via Office cloud policies, ADMX policies through Microsoft Intune, or Group Policy for on-premise Active Directory environments. Microsoft has divided the more complex settings into individual Group Policy Objects. These include policies that block Dynamic Data Exchange, legacy file formats, legacy JScript, and unsigned macros.
Rabia has a master's degree in Software Engineering and she has years of experience writing professionally about Microsoft products and other technologies. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on t...
