Microsoft Launches M365 Security Baseline Mode; DHS Leaks 4,500 Agent Records


TL;DR

  • Microsoft 365 enables Security Baseline Mode to automatically apply default policies across 26 SharePoint sites, reducing manual configuration gaps and improving auditability
  • DHS leaks 4,500 ICE and Border Patrol employee records in largest-ever staff data breach, exposing identities of 2,000 active agents and triggering nationwide protests over accountability failures

Microsoft 365 Security Baseline Mode: One Button, 26 Sites, and 195 Gaps You Still Have to Fix

Security Baseline Mode (SBM) applies five preconfigured SharePoint security settings via Set-OrganizationConfig to exactly 26 sites. No more manual clicks. No more forgotten policies. Just a quiet, declarative nudge toward compliance.

Why is this a win?

Audit trails are now automatic. Every policy application and override is timestamped in the Compliance Center. ISO 27001 auditors get a clean log. Admins get a paper trail. Everyone gets a lighter workload—except the one who has to explain why external sharing was locked down on the marketing team’s vendor portal.

What’s missing?

Only five of approximately 200 possible SharePoint security controls are enforced. The rest remain manual. Secure Score still shows 78% gaps. This isn’t hardening. It’s baseline sprinkling.

Can admins override it?

Yes. And they will. Every time. Because legacy workflows, custom integrations, and that one SharePoint site that’s been "working fine since 2015" can’t be trusted to a script. Overrides are logged—but logs don’t prevent chaos.

What’s the real risk?

False confidence. Admins assume "baseline = secure." Reality: baseline = starting line. External collaborators get blocked. Legitimate workflows break. Compliance reports look good until someone asks, "Did you check the other 195 settings?"

What should you do?

  • Pilot on a non-critical site first.
  • Ingest SBM logs into your SIEM and alert on overrides.
  • Require a ticket and impact assessment for every change.
  • Automate the remaining controls via PowerShell or Microsoft Graph.
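One way to act on the second and third bullets, as a SIEM-side detection added here rather than code from the original post: it parses a JSON-lines audit export, flags any change that moves an SBM-enforced setting off its baseline value, and rates overrides with no change ticket as high severity. The operation name, field names and baseline values are assumptions for this example; Microsoft's actual SBM audit schema is not on this page.

```python
"""Flag Security Baseline Mode (SBM) overrides, highlighting those with no
change ticket. Field names, the operation name and the baseline values are
assumptions for this example, not Microsoft's documented schema."""
import json

# Assumed baseline values for three of the SBM-enforced SharePoint settings.
SBM_BASELINE = {
    "SharingCapability": "ExistingExternalUserSharingOnly",
    "DefaultSharingLinkType": "Internal",
    "DisableCompanyWideSharingLinks": "Enabled",
}

# Constructed audit export (not real data): three changes on two sites.
SAMPLE_AUDIT_LOG = """\
{"CreationTime":"2026-01-13T09:02:11","Operation":"SiteSettingChanged","SiteUrl":"https://contoso.sharepoint.com/sites/marketing","Setting":"SharingCapability","NewValue":"ExternalUserAndGuestSharing","UserId":"admin@contoso.com","ChangeTicket":"CHG-1042"}
{"CreationTime":"2026-01-13T09:15:40","Operation":"SiteSettingChanged","SiteUrl":"https://contoso.sharepoint.com/sites/legacy2015","Setting":"DefaultSharingLinkType","NewValue":"AnonymousAccess","UserId":"admin@contoso.com","ChangeTicket":""}
{"CreationTime":"2026-01-13T09:20:05","Operation":"SiteSettingChanged","SiteUrl":"https://contoso.sharepoint.com/sites/legacy2015","Setting":"DisableCompanyWideSharingLinks","NewValue":"Enabled","UserId":"admin@contoso.com","ChangeTicket":""}
"""


def parse_records(text):
    """Parse a JSON-lines audit export, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_overrides(records, baseline=SBM_BASELINE):
    """Return one alert per setting moved away from the baseline.

    Severity is 'high' when no change ticket is attached (a silent override)
    and 'medium' when a ticket exists but still needs an impact review.
    """
    alerts = []
    for rec in records:
        if rec.get("Operation") != "SiteSettingChanged":
            continue
        setting = rec.get("Setting")
        if setting not in baseline or rec.get("NewValue") == baseline[setting]:
            continue  # not an SBM-governed setting, or still compliant
        alerts.append({
            "site": rec["SiteUrl"], "setting": setting,
            "expected": baseline[setting], "actual": rec["NewValue"],
            "user": rec.get("UserId"), "time": rec.get("CreationTime"),
            "severity": "high" if not rec.get("ChangeTicket") else "medium",
        })
    return alerts


if __name__ == "__main__":
    for a in find_overrides(parse_records(SAMPLE_AUDIT_LOG)):
        print(f"[{a['severity'].upper()}] {a['site']} {a['setting']}={a['actual']} by {a['user']}")
```

Point the parser at your real export and the baseline dict at the values SBM actually enforces in your tenant; the ticket field is whatever your change process stamps into the audit record.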

What’s next?

Expect SBM-style defaults for Teams, OneDrive, and Azure AD by 2027. Industry-specific policy sets (finance, health) will follow. The real challenge won’t be deploying them—it’ll be managing the avalanche of override requests.

Bottom line?

Microsoft didn’t solve security. It made the first step less tedious. The rest? Still yours. And yes, you’re still the one cleaning up after the "magic button."


DHS Leaks 4,500 Border Agents’ Records — Did They Forget to Lock the Filing Cabinet?

On January 13, 2026, the Department of Homeland Security accidentally released 4,500 employee records — 90% of its ICE and Border Patrol workforce — including home addresses, payroll IDs, and badge numbers. The breach occurred just six days after the fatal shooting of Renee Nicole Good, which had already drawn intense public scrutiny. The timing was not coincidental; it was catastrophic.

Who was responsible for the breach?

DHS IT staff failed to contain data exfiltration after an internal system was accessed by an unauthorized actor. No external hacking was confirmed. The breach was caused by misconfigured access controls, unencrypted files, and a lack of multi-factor authentication for sensitive databases. The same system that tracks visa applications also stored personnel records without segregation.

Why does this matter beyond privacy?

Exposing 2,000 field agents endangers operational security. Many are deployed in high-risk zones; their identities now appear on public lists. This increases risks of retaliation, harassment, and targeted violence — a direct threat to national border integrity.

How did leadership respond?

DHS Secretary Kristi Noem held a press briefing and redirected blame toward the shooting victim. The statement did not mention the breach. This deflection eroded internal morale and public trust simultaneously. Meanwhile, Rep. Jamie Raskin linked the breach to the hiring of pardoned January 6 participants, triggering a congressional oversight hearing scheduled for February 2026.

What’s the fallout?

  • Nationwide protests erupted in over 12 cities within 24 hours.
  • FOIA requests surged by 300%.
  • 80% of exposed personnel remain employed — no immediate firings or suspensions.
  • The breach exceeds all prior DHS data leaks (previous record: 1,200 records in 2024).

What’s next?

  • Mandatory audit of all DHS data-access protocols by the Office of Inspector General.
  • Re-classification of employee records as “Sensitive Personal Information.”
  • Integration of DOJ pardoned-individuals database into hiring vetting.
  • Potential class-action lawsuits from agents whose family addresses were exposed.

The lesson? You don’t need a sophisticated cyberattack to compromise national security. Sometimes, you just need a spreadsheet, a default password, and a leader who thinks blaming victims is a valid strategy.


What else is happening?

  • Microsoft Patch Tuesday addresses 114 vulnerabilities, including exploited zero-day CVE-2026-20805 in Windows Desktop Window Manager
  • CrowdStrike acquires Seraphic Security for $400 million to enhance browser-based threat mitigation for enterprise endpoints
  • Cyberattack on AZ Monica hospitals in Belgium disrupts critical care systems, forces patient transfers, and suspends non-urgent procedures after server compromise at 6:32 AM