Harden your Microsoft 365 security with Octiga’s latest baselines

Octiga offers new baselines to help MSPs standardize and monitor Microsoft 365 security settings across customer tenants. The value for MSPs is simple: less time digging through hidden settings, less tenant-by-tenant review work, and a faster way to apply the same standard across every customer.  Baselines cover Cross-Tenant Access Settings, Certificate-Based Authentication, Voice Call Authentication, Windows LAPS, and Password Rule Settings.
Cybersecurity
Written by
Alex Araujo
Published on
July 9, 2026

Harden your Microsoft 365 security with Octiga’s latest baselines

For MSPs, securing Microsoft 365 tenants isn’t just about enabling security features and settings. Instead, it’s about ensuring these settings are configured consistently across all your customer tenants. As Microsoft continues to introduce new identity and device security functionality, maintaining these standards manually is becoming increasingly difficult.

Octiga’s latest baselines help MSPs assess, standardize, and monitor key Microsoft Entra ID and Windows security settings across their customers’ environments. By identifying deviations from the gold standard you have set, these baselines make it easier to deliver consistent security at scale.

Let’s take a closer look at the newest additions.


Cross-Tenant Access Settings

Organizations increasingly collaborate with partners, suppliers, and customers using Microsoft’s business-to-business (B2B)capabilities. These capabilities allow users from one tenant to securely access applications, resources, and shared content in another tenant without needing a separate account. Cross-Tenant Access Settings control how that collaboration is permitted and trusted. While these settings are powerful, but require careful configuration to avoid opening security holes.

Without clear standards, tenants can develop inconsistent trust relationships over time. These can potentially allow external users more access than intended, or trusting authentication from tenants that haven’t been properly vetted.

Octiga’s new Cross-Tenant Access Settings baseline gives MSPs visibility into these configurations across every customer tenant, helping to ensure external collaboration follows a consistent security standard, all while reducing the risk of misconfigured relationships.

The core functionality of this baseline is included with Entra ID Free, while some of the advanced capabilities require an Entra ID P2 license.

 

Certificate-Based Authentication

Certificate based authentication (CBA) allows users to authenticate with digital certificates instead of passwords. This provides a phishing-resistant alternative to other authentication methods for organizations with higher security requirements. Microsoft Entra’s CBA allows administrators to configure certificate mapping, binding methods, and authentication strength, all while determining if these certificates satisfy single-factor or multi-factor authentication requirements.

These settings are particularly valuable in regulated industries, environments with shared devices, and organizations adopting passwordless authentication. Since CBA relies on several interdependent settings, however, configuration mistakes can create authentication issues or unintended security gaps.

The new Certificate-Based Authentication baseline in Octiga allows MSPs to verify these critical settings before and after deployment. This allows CBA to be maintained across multiple customer environments.

Concerning licensing, this baseline is supported without Microsoft Entra premium licensing.

 

Voicecall authentication

While stronger authentication methods are usually encouraged, voice call MFA remains an important option for some users and organizations.

Administrators can control whether this authentication method is available, what types of phones can be used (office phones or mobile phones), and which specific users are allowed to use this MFA method.

These policies are often overlooked, leading to inconsistent authentication experiences, or leaving legacy authentication methods enabled either unintentionally, or after they are no longer required.

Octiga’s new Voice Call Authentication baseline allows you to quickly review these settings, ensuring authentication policies remain aligned with each customer’s security requirements (whether that is enabled or disabled), while still supporting users who depend on this feature.

This baseline is available without Microsoft Entra premium licenses for basic, tenant-wide applications. You will need advanced licensing to use Conditional Access Policies that govern authentication, however.

 

Windows LAPS

One of the simplest ways threat actors can move through an environment is by exploiting shared local administrator passwords across an organization’s devices.

Windows Local Administrator Password Solution (Windows LAPS) addresses this by automatically generating unique local administrator passwords for every Windows device in an organization. These passwords are securely stored in Microsoft Entra ID or Active Directory, and are automatically rotated on a scheduled basis. This dramatically reduces the risk of credential reuse, and the lateral movement threat actors take advantage of during cyberattacks.

Our new Windows LAPS baseline allows MSPs to confirm thatpassword rotation and storage location, complexity requirements, and actions post-authentication settings are configured correctly, ensuring that customers get the full security benefit of this feature.

This feature is currently built into modern versions of Windows. Additional cloud management capabilities may require advancedlicensing, depending on the deployment.

 

Passwordrule settings

Passwords remain one of the most common attack vectorsexploited by threat actors. This is particularly true when organizations relyon weak, outdated, or inconsistent password standards.

Microsoft recommends modern password guidance that focuseson strong password length, banned password protection, and smart lockoutsettings rather than frequent password changes alone. Yet across multiplecustomer tenants, password policies often vary due to legacy configurations orinconsistent administration.

Octiga’s new Password Rule Settings baseline helps MSPs quickly identify these differences in configuration and allows these settings to be changed with the click of a button. This makes it easier to standardize password policies across every customer tenant, while still aligning with Microsoft’s recommended security practices.

Regarding licensing, the standard password policies are included in Microsoft 365. Advanced capabilities (such as Entra Password Protection and custom banned password lists) require premium licensing.

  

Standardize Microsoft 365 Security with Octiga

Security features only deliver value when they’re configured correctly and kept that way. As MSPs onboard new customers, deploy newMicrosoft capabilities, and respond to evolving threats, maintaining consistentsecurity standards across your entire customer base becomes increasinglychallenging. Small differences between customer environments can createsignificant security gaps by increasing risk, administrative overhead, and thetime required for manual security reviews. Learn more in our previous articleon optimizing Microsoft 365 security reviews.

Octiga’s baselines provide a simple yet effective way to assess customer environments against a defined standard and identify security gaps before they become incidents. Instead of manually reviewing every setting across multiple Microsoft admin portals, Octiga allows technicians to gain clear visibility into which tenants meet the expected baseline and where action is required.

With an expanding library of M365 baselines, Octiga helps MSPs standardize security, improve operational consistency, and deliver proactive protection across every customer they manage. If you're looking for a simpler way to secure Microsoft 365 at scale, book a demo and discover how Octiga can help you protect more tenants with less effort.

Take Octiga for a spin

See what your team can do with a single platform