Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools.
What the v2512 baseline covers
The v2512 baseline groups settings across Word, Excel, PowerPoint, Outlook, and Access. It includes controls related to macros, add-ins, ActiveX, Protected View, and application update behavior. The guidance reflects defaults and recommended values that security teams can apply through policy.
Microsoft provides the baseline in formats that align with common enterprise workflows, including Group Policy objects and Microsoft Intune settings catalogs. Each setting includes a description and a recommended value, which allows administrators to review and adjust configurations based on internal requirements.
Changes from earlier baselines
According to Microsoft, the v2512 release updates recommendations to align with current versions of Microsoft 365 Apps for enterprise. The documentation also reflects changes in policy availability and naming that have occurred across recent Office releases.
Some settings appear in different administrative templates compared with earlier baselines. The documentation highlights these shifts so teams can track how policies surface across management tools and operating system versions.
How security teams use the baseline
Security baselines serve as reference points for hardening enterprise environments. Teams often compare existing Office configurations against the published recommendations to identify gaps or inconsistencies.
In practice, organizations tend to import the baseline into test environments, validate application behavior, and then deploy selected settings through Intune or Group Policy. The baseline supports that process by presenting each recommendation individually rather than as a single enforced package.
You can download the updated baseline from the Microsoft Security Compliance Toolkit, test the recommended configurations, and implement as appropriate.