Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations

Microsoft 365 Lighthouse baselines provide a repeatable and scalable way for you to manage Microsoft 365 security settings across multiple customer tenants. Baselines provide standard tenant configurations that deploy core security policies and compliance standards that keep your tenants' users, devices, and data secure and healthy.

To view the Microsoft 365 Lighthouse default baseline that applies to all tenants, select Deployment > Baselines in the left navigation pane in Lighthouse.

Watch: Deploy baselines

Check out the other Microsoft 365 Lighthouse videos on our YouTube channel.

Microsoft 365 Lighthouse default baseline

The Microsoft 365 Lighthouse default baseline is designed to ensure all managed tenants are healthy and secure. To view the deployment tasks included in the default baseline, select Default baseline from the list. Select any of the deployment tasks to view additional details about the task and the associated user impact.

Screenshot of the Default baseline page.

Default baseline categories and deployment task descriptions

Default baseline category Description of deployment tasks in the category
Identity protection Tasks within this category standardize configurations to help protect a customer's identity and apply best practices to help manage customer identities.
Email and apps protection Tasks within this category standardize the configuration of email standards and productivity applications to help secure the applications. The tasks also apply best-practice recommendations to ensure customers are protected from malicious content within the applications.
Endpoint enrollment Tasks within this category ensure all eligible devices in a customer's tenant are properly enrolled, appropriately managed, and are using a standardized installation of Microsoft 365 applications.
Endpoint protection Tasks within this category build upon tasks in the Endpoint enrollment category by configuring the appropriate security standards and applying best practices for day-to-day device management.
Data protection Tasks within this category apply best-practice recommendations for protecting a customer tenant from data loss and accidental leakage of sensitive data in productivity applications.
End-user experience Tasks within this category help configure training to assist with end-user education and onboarding. The tasks also standardize branding across customer tenants for a more seamless experience.

Review a deployment plan (article)
Overview of deployment tasks (article)
Common Conditional Access policies (article)
Overview of permissions in Microsoft 365 Lighthouse (article)
Configure Microsoft 365 Lighthouse portal security (article)
Microsoft 365 Lighthouse FAQ (article)