After recently issuing security advisories for Windows domain controllers and previewing multiple security features for the Edge browser, Microsoft has now announced the latest security baseline configuration for Microsoft 365 Office applications to further help enterprise IT administrators harden their office environments.

This baseline applies to Microsoft 365 Apps v2512 and delivers a set of updated security configurations through the Microsoft Security Compliance Toolkit, so that IT administrators can deploy them uniformly across their environment. Microsoft said this version is an incremental update to the previous baseline and was developed based on attacker behavior patterns, partner feedback, and Microsoft's own "secure-by-design" standards.

At the application level, the security policies for Excel and PowerPoint have changed significantly. In Excel, external links restricted by the File Block feature will no longer be refreshed, and users will receive an error if they try to create or update such links, which prevents data from being pulled from untrusted sources. In PowerPoint, OLE content is disabled to reduce the risk of attackers exploiting embedded objects.

In addition to these per-app adjustments, Microsoft has updated several security configurations across the entire Microsoft 365 Apps suite. These include: blocking all non-HTTPS protocols when opening a document; preventing classic OLE charting components such as MSGraph.Application and MSGraph.Chart from running, so that only static images are displayed; disabling the legacy OrgChart plug-in and displaying higher-fidelity images instead; and preventing Microsoft 365 apps from falling back to legacy protocols such as FrontPage Server Extensions RPC.

Microsoft pointed out that these configuration changes mainly focus on disabling old components and protocols, because these often become entry points for attackers to exploit. For IT administrators who want to deploy the latest security baseline in their organization, Microsoft's official documentation provides detailed policy paths and describes the possible operational impacts of each change, so that enterprises can fully evaluate and test before deployment.

Learn more:

https://techcommunity.microsoft.com/blog/microsoft-security-baselines/security-baseline-for-m365-apps-for-enterprise-v2512/4487213