Harden your Microsoft 365 security with Octiga’s latest baselines
Octiga offers new baselines to help MSPs standardize and monitor Microsoft 365 security settings across customer tenants. The value for MSPs is simple: less time digging through hidden settings, less tenant-by-tenant review work, and a faster way to apply the same standard across every customer. Baselines cover Cross-Tenant Access Settings, Certificate-Based Authentication, Voice Call Authentication, Windows LAPS, and Password Rule Settings.
Cybersecurity

Harden your Microsoft 365 security with Octiga’s latest baselines
For MSPs, securing Microsoft 365 tenants isn’t just about enabling security features and settings. Instead, it’s about ensuring these settings are configured consistently across all your customer tenants. As Microsoft continues to introduce new identity and device security functionality, maintaining these standards manually is becoming increasingly difficult.
Octiga’s latest baselines help MSPs assess, standardize, and monitor key Microsoft Entra ID and Windows security settings across their customers’ environments. By identifying deviations from the gold standard you have set, these baselines make it easier to deliver consistent security at scale.
Let’s take a closer look at the newest additions.
Cross-Tenant Access Settings
Organizations increasingly collaborate with partners, suppliers, and customers using Microsoft’s business-to-business (B2B) capabilities. These capabilities allow users from one tenant to securely access applications, resources, and shared content in another tenant without needing a separate account. Cross-Tenant Access Settings control how that collaboration is permitted and trusted. While these settings are powerful, but require careful configuration to avoid opening security holes.
Without clear standards, tenants can develop inconsistent trust relationships over time. These can potentially allow external users more access than intended, or trusting authentication from tenants that haven’t been properly vetted.
Octiga’s new Cross-Tenant Access Settings baseline gives MSPs visibility into these configurations across every customer tenant, helping to ensure external collaboration follows a consistent security standard, all while reducing the risk of misconfigured relationships.
The core functionality of this baseline is included with Entra ID Free, while some of the advanced capabilities require an Entra ID P2license.
Certificate-Based Authentication
Certificate based authentication (CBA) allows users to authenticate with digital certificates instead of passwords. This provides a phishing-resistant alternative to other authentication methods for organizations with higher security requirements. Microsoft Entra’s CBA allows administrators to configure certificate mapping, binding methods, and authentication strength, all while determining if these certificates satisfy single-factor or multi-factor authentication requirements.
These settings are particularly valuable in regulated industries, environments with shared devices, and organizations adopting passwordless authentication. Since CBA relies on several interdependent settings, however, configuration mistakes can create authentication issues or unintended security gaps.
The new Certificate-Based Authentication baseline in Octiga allows MSPs to verify these critical settings before and after deployment. This allows CBA to be maintained across multiple customer environments.
Concerning licensing, this baseline is supported without Microsoft Entra premium licensing.
Voicecall authentication
While stronger authentication methods are usually encouraged, voice call MFA remains an important option for some users and organizations.
Administrators can control whether this authentication method is available, what types of phones can be used (office phones or mobile phones), and which specific users are allowed to use this MFA method.
These policies are often overlooked, leading to inconsistent authentication experiences, or leaving legacy authentication methods enabled either unintentionally, or after they are no longer required.
Octiga’s new Voice Call Authentication baseline allows you to quickly review these settings, ensuring authentication policies remain aligned with each customer’s security requirements (whether that is enabled or disabled), while still supporting users who depend on this feature.
This baseline is available without Microsoft Entra premium licenses for basic, tenant-wide applications. You will need advanced licensing to use Conditional Access Policies that govern authentication, however.
Windows LAPS
One of the simplest ways threat actors can move through an environment is by exploiting shared local administrator passwords across an organization’s devices.
Windows Local Administrator Password Solution (Windows LAPS) addresses this by automatically generating unique local administrator passwords for every Windows device in an organization. These passwords are securely stored in Microsoft Entra ID or Active Directory, and are automatically rotated on a scheduled basis. This dramatically reduces the risk of credential reuse, and the lateral movement threat actors take advantage of during cyberattacks.
Our new Windows LAPS baseline allows MSPs to confirm that password rotation and storage location, complexity requirements, and actions post-authentication settings are configured correctly, ensuring that customers get the full security benefit of this feature.
This feature is currently built into modern versions of Windows. Additional cloud management capabilities may require advanced licensing, depending on the deployment.
Passwordr ule settings
Passwords remain one of the most common attack vectors exploited by threat actors. This is particularly true when organizations rely on weak, outdated, or inconsistent password standards.
Microsoft recommends modern password guidance that focuses on strong password length, banned password protection, and smart lockout settings rather than frequent password changes alone. Yet across multiple customer tenants, password policies often vary due to legacy configurations or inconsistent administration.
Octiga’s new Password Rule Settings baseline helps MSPs quickly identify these differences in configuration and allows these settings to be changed with the click of a button. This makes it easier to standardize password policies across every customer tenant, while still aligning with Microsoft’s recommended security practices.
Regarding licensing, the standard password policies are included in Microsoft 365. Advanced capabilities (such as Entra Password Protection and custom banned password lists) require premium licensing.
Standardize Microsoft 365 Security with Octiga
Security features only deliver value when they’re configured correctly and kept that way. As MSPs onboard new customers, deploy new Microsoft capabilities, and respond to evolving threats, maintaining consistent security standards across your entire customer base becomes increasingly challenging. Small differences between customer environments can create significant security gaps by increasing risk, administrative overhead, and the time required for manual security reviews. Learn more in our previous article on optimizing Microsoft 365 security reviews.
Octiga’s baselines provide a simple yet effective way to assess customer environments against a defined standard and identify security gaps before they become incidents. Instead of manually reviewing every setting across multiple Microsoft admin portals, Octiga allows technicians to gain clear visibility into which tenants meet the expected baseline and where action is required.
With an expanding library of M365 baselines, Octiga helps MSPs standardize security, improve operational consistency, and deliver proactive protection across every customer they manage. If you're looking for a simpler way to secure Microsoft 365 at scale, book a demo and discover how Octiga can help you protect more tenants with less effort.
Subscribe for updates
Curated information for MSPs




