Microsoft announces new security baseline for Office apps

Security is paramount in enterprise environments where any lapse can lead to massive financial and reputational damage. Microsoft recently issued a security advisory for IT admins managing Windows Domain Controllers, and is also previewing a couple of security features for Edge. Now, it has detailed its latest security baseline for Microsoft 365 Office apps.

The latest baseline for Microsoft 365 Apps v2512 is designed to update certain security configurations through the Microsoft Security Compliance Toolkit, which IT admins can deploy to harden their environments. It is an incremental change over the previous baseline, based on observed attacker patterns, feedback from partners, and Microsoft's own secure-by-design standards.

Specifically for Excel, external links restricted by File Block will no longer refresh. If a user attempts to create or update such a link, they will be greeted with an error. This ensures that data cannot be procured from untrusted sources. Additionally, in PowerPoint, OLE content will be deactivated.

Apart from this, Microsoft has a bunch of updated configurations across all Microsoft 365 apps, too; they are summarized below:

  • Block all non-HTTPS protocols when opening documents
  • Block MSGraph.Application and MSGraph.Chart (classic OLE Graph components) from executing; only a static image is shown instead
  • Disable the legacy OrgChart add‑in, and show a higher fidelity image instead
  • Prevent Microsoft 365 Apps from falling back to the FrontPage Server Extensions RPC legacy protocol

As can be seen above, the changes in security configurations primarily deal with disabling legacy components and protocols, which could otherwise serve as attack vectors for malicious actors. If you're an IT admin who wants to deploy the latest baselines across your organization, refer to Microsoft's documentation here. It also contains policy paths along with details about the potential operational issues some organizations may face when deploying this baseline.
