Microsoft Message ID

#### Summary
Between November 2025 and early February 2026, a technical issue within the Microsoft 365 Baseline Security Mode interface caused the automatic creation of two draft Microsoft Entra ID Conditional Access policies. This occurred when an administrator simply accessed the Baseline Security Mode page. These policies were created in a “Disabled” state and were attributed to the specific administrator who was logged in at the time of the visit.

#### Impact

• Policy Visibility: Administrators may notice two additional entries in their Entra ID Conditional Access policy list that they do not recall creating manually.
• Security Posture: There is no impact on tenant security or user access. Because the policies were created in a “Disabled” draft state, they have not been enforced and have not altered any authentication flows.
• Audit Logs: The creation of these policies will appear in audit logs as being performed by the administrator who viewed the Baseline Security Mode dashboard, which may cause confusion during routine security reviews.
• Status: This behavior is confirmed as a UI-triggered automation error and is not the result of a security breach or unauthorized external access.

#### Action Required

• No Immediate Action: Microsoft has already deployed a fix to ensure that Baseline Security Mode policies are only created through explicit administrator confirmation moving forward.
• Automated Cleanup: Microsoft will automatically remove the unintentionally created draft policies from affected tenants. Admins do not need to delete them manually.
• Verification: If your organization maintains strict configuration-as-code or manual change management logs, you may wish to cross-reference any “Disabled” policies created during the Nov 2025 – Feb 2026 window with this Message Center update (MC1246002) to close out internal queries.