The National Cyber Security Centre (NCSC), in coordination with Microsoft and Ekco, have developed this Secure Configuration Framework for Office 365 a component of the Microsoft 365 services. The objective of this framework is to guide and support Irish Government departments in configuring Office 365 to ensure a high level of security and leverage the features and capabilities that are present within the service. This framework is influenced by, and aligns with, the existing best practice that is published by the NCSC and Microsoft.
This document provides Office365 specific guidance to those implementing the Cyber Security Baseline Standards. The controls & maturity levels described in this document are guidance and, as per the Public Sector Cyber Security Baseline Standards, are intended to create an acceptable security standard and form a broad framework for a set of measures which can be revised over time. The framework model follows a holistic and comprehensive approach to the issues related to Cyber Security which combines the best of various standards to address the needs of key stakeholders.
As Office 365 makes up such a significant component of many organisations’ technology portfolio, it is critical that the Microsoft 365 platform is secured and managed to meet the standards set in Government’s Cyber Security Baseline Standards. Those standards and other best practices, such as mentioned above, help guide an organisation to define the appropriate level of security that must be met to protect their data.
Where organisations have already invested in Microsoft 365 technologies, this guide also helps provide a roadmap to achieve a greater security posture and compliance value out of existing Microsoft licensing and features. It is recommended to continually mature your security posture to protect against evolving threats, and the levels outlined here can be used as advancements in that journey.
The Government does not endorse any commercial product or service; however, this secure configuration framework has been developed in collaboration with Microsoft and Ecko in order to ensure that organisations that are using Office 365 are doing so in a secure manner.