New Microsoft 365 Security Baseline Tightens Enterprise App Protections, Plus Trust-Focused Teams Admin Tools
- By Chris Paoli
- January 22, 2026
Microsoft released a pair of security and compliance updates this week designed to help IT administrators strengthen protections across Microsoft 365 Apps for enterprise and simplify app governance in Teams.
Microsoft has published an updated security baseline (version 2512) for Microsoft 365 Apps for enterprise that strengthens defenses against unsafe connections, legacy automation, and insecure file access methods, providing IT teams with stronger default controls for Office and core M365 applications. This latest baseline also adds deployment flexibility across Intune, Group Policy and cloud-based policy management.
According to Microsoft, the baseline will ensure that external links to workbooks blocked by File Block will no longer refresh. "Attempts to create or update links to blocked files return an error," the company stated in its announcement. "This prevents data ingestion from untrusted or potentially malicious sources."
The baseline also blocks non-HTTPS protocols when opening documents, eliminating downgrade paths and unsafe connections. This aligns with Microsoft's broader effort to enforce TLS-secure communication across productivity and cloud services.
Additional changes include blocking MSGraph.Application and MSGraph.Chart components, which Microsoft 365 Apps will instead render as static images to mitigate a historically risky automation interface. The legacy OrgChart add-in is also disabled under the new baseline, with output replaced by an image to reduce exposure to outdated automation frameworks.
Microsoft noted that the baseline disables the ability for Microsoft 365 Apps to fall back to FrontPage Server Extensions RPC, an aging protocol not designed for modern security requirements. "Avoiding fallback ensures consistent use of modern, authenticated file-access methods," the company said.
The baseline can be deployed through Office cloud policies, ADMX policies via Microsoft Intune or Group Policy for on-premises Active Directory environments. Microsoft broke out potentially challenging settings into separate Group Policy Objects, including policies for blocking Dynamic Data Exchange, legacy file formats, legacy JScript and unsigned macros.
Alongside the baseline, Microsoft is enhancing the Teams Admin Center with trust-based application filters that make it easier for administrators to spot certified and compliant third-party apps and measure compliance attributes directly in the admin console. These updates aim to help enterprise IT teams streamline and enforce security standards without heavy manual review.
Krishna Mawani, writing for Microsoft, stated that managing app security and compliance in Microsoft Teams just got easier. "With recent updates in Teams Admin Center, IT admins can now quickly identify trusted apps and enforce organizational standards with confidence," Mawani wrote.
The new "Apps to Consider Allowing" tile highlights certified apps, publisher-attested apps and those providing compliance evidence. A new Security & Compliance column displays attributes such as SOC 2, FedRAMP and penetration testing directly in the dashboard, enabling admins to speed up app reviews with trust-based filters.
Trust-based filters allow administrators to view and filter apps and agents by specific industry standards and compliance attributes including ISO 27001, HIPAA and GDPR. The updates also include dedicated collections of curated certified apps and agents for easier discovery.
According to Microsoft, the enhancements build on existing foundational visibility features in Teams Admin Center's Security & compliance tab, which already surfaced key signals such as publisher information, permission scopes and data access. The new features eliminate manual cross-checking of these signals by consolidating trust indicators in a centralized dashboard.
The dashboard is available in public preview to customers licensed for Microsoft Defender for Office 365 Plan 2. Microsoft stated that the updates underscore the value of Microsoft 365 Certification as a key trust driver for independent software vendors seeking visibility and credibility in a competitive marketplace.
The security baseline is available for download from the Microsoft Security Compliance Toolkit. More information about Microsoft 365 Certification is available at Microsoft Learn.