Security Baseline – Office Cloud Policy Service



Office cloud policy service is designed to help you enforce policy settings for Office 365 ProPlus on a user device, even if the device is not domain-joined or managed by Mobile Device Management (MDM). Office Cloud Policy settings roam to the device when a user signs into Office 365 ProPlus. We can enforce these settings for Office for the web or for users accessing documents stored in OneDrive for Business or SharePoint Online anonymously. The Office cloud policy service is part of a portal for managing Office 365 ProPlus. The service includes many of the same user-based policy settings that are available in Group Policy. We can also use Office cloud policy service directly in the Microsoft Endpoint Manager admin center. With Office Cloud Policy Service you can find and configure policies recommended by Microsoft as security baseline policies. You can take a look at this article for Office ProPlus baseline security policies recommended by Microsoft.

Security Policy Advisor requires Office ProPlus 1908 or higher.

We can create policy configurations, review and apply policies that are recommended by Microsoft as security baseline policies. These recommendations are marked as “Security Baseline” when selecting policies. You can also use Security Policy Advisor to receive and implement security policy recommendations. These recommendations are based on Microsoft best practices and information about your existing environment.

Enable Security Policy Advisor

To enable security policy recommendations:

Security Baseline

Create Policy Configuration

To make Security Baseline policies easy to identify, Microsoft has added a new column to the policy table called ‘Recommendation’. If the policy is recommended as a Security Baseline, you will see the policy tagged as such in this column. You can also use the column filter to limit the view to only policies that are tagged as Security Baseline. The experience of configuring these policies has also been optimized, as the policy is pre-configured with the recommended settings. You can simply review the policy behavior and click OK to accept the recommended configuration.

If the recommended configuration does not meet your needs, you can choose to configure the policy and its settings manually.


You can view all the policies that have been applied to the group by navigating to the Applied policies tab. You can click on the policy to see when the policy was applied and whether users have been impacted by the policy. If more than 5% of the users in the group have been impacted by the security policy, either by reporting an impact or by overriding the policy, then the impact of the policy shows as high.

If your organization has Office 365 Advanced Threat Protection Plan 2, then Security Policy Advisor can use data from this service to provide insights on recommended policies. These insights will be based on threats that have been detected and stopped by Advanced Threat Protection. For additional information about the Office Cloud Policy Service please refer to:


Javed Butt, R. (2020). SECURITY BASELINE – OFFICE CLOUD POLICY SERVICE. Available at: [Accessed: 25th September 2020].

About the Author:

Riaz is a technology evangelist with over 8 years of extensive experience and expertise in Identity Management, Exchange Server, Office 365 and a bit of System Center. Riaz is currently working as Lead Consultant. His technical experience is followed by 8 years of consulting positions advising both internal and external (local and international) stakeholders/customers on strategic technology selection and adoption, along with delivery of solutions across a range of business units. He is a regional lead speaker for Microsoft Office 365 and also speaks in community forums.
