Event details

Ready to take your organization’s security posture to the next level? Join us for an engaging session on Microsoft Baseline Security Mode (BSM)—a powerful framework and tool built on decades of Micro...
Emily_Perina
Updated Feb 26, 2026
copilot control system
microsoft 365 copilot
SBACoach's avatar
SBACoach
Copper Contributor
Feb 26, 2026

Microsoft Baseline security mode (BSM) is not MBSA 

Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these extra checks hadn't been actively maintained since Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive.

MBSA was largely used in situations where Microsoft Update a local WSUS or Configuration Manager server wasn't available, or as a compliance tool to ensure that all security updates were deployed to a managed environment. While MBSA version 2.3 introduced support for Windows Server 2012 R2 and Windows 8.1, it has since been deprecated and no longer developed. MBSA 2.3 isn't updated to fully support Windows 10 and Windows Server 2016.

  • Adriana Wood's avatar
    Adriana Wood
    Icon for Microsoft rankMicrosoft
    Feb 26, 2026

    Microsoft Baseline Security Mode (MBSM) -- Baseline security mode settings | Microsoft Learn

    This tool designed to reduce the attack surface and enforce secure-by-default settings across Microsoft services and Windows devices. In Microsoft 365, it covers services such as Entra ID, Exchange, SharePoint, Teams, and Microsoft 365 apps. The mode allows administrators to apply recommended security policies, run impact reports, and selectively enable settings without immediately disrupting users.