Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations
Microsoft 365 Lighthouse baselines provide a repeatable and scalable way for you to manage Microsoft 365 security settings across multiple customer tenants. Baselines provide standard tenant configurations that deploy core security policies and compliance standards that keep your tenants' users, devices, and data secure and healthy.
To view the Microsoft 365 Lighthouse default baseline that applies to all tenants, select Deployment > Baselines in the left navigation pane in Lighthouse.
Watch: Deploy baselines
Check out the other Microsoft 365 Lighthouse videos on our YouTube channel.
Microsoft 365 Lighthouse default baseline
The Microsoft 365 Lighthouse default baseline is designed to ensure all managed tenants are healthy and secure. To view the deployment tasks included in the default baseline, select Default baseline from the list. Select any of the deployment tasks to view additional details about the task and the associated user impact.
Default baseline categories and deployment task descriptions
| Default baseline category | Description of deployment tasks in the category |
|---|---|
| Identity protection | Tasks within this category standardize configurations to help protect a customer's identity and apply best practices to help manage customer identities. |
| Email and apps protection | Tasks within this category standardize the configuration of email standards and productivity applications to help secure the applications. The tasks also apply best-practice recommendations to ensure customers are protected from malicious content within the applications. |
| Endpoint enrollment | Tasks within this category ensure all eligible devices in a customer's tenant are properly enrolled, appropriately managed, and are using a standardized installation of Microsoft 365 applications. |
| Endpoint protection | Tasks within this category build upon tasks in the Endpoint enrollment category by configuring the appropriate security standards and applying best practices for day-to-day device management. |
| Data protection | Tasks within this category apply best-practice recommendations for protecting a customer tenant from data loss and accidental leakage of sensitive data in productivity applications. |
| End-user experience | Tasks within this category help configure training to assist with end-user education and onboarding. The tasks also standardize branding across customer tenants for a more seamless experience. |
Related content
Review a deployment plan (article)
Overview of deployment tasks (article)
Common Conditional Access policies (article)
Overview of permissions in Microsoft 365 Lighthouse (article)
Configure Microsoft 365 Lighthouse portal security (article)
Microsoft 365 Lighthouse FAQ (article)