The Central Digital and Data Office (CDDO) has published guidance for government organisations on the secure use of Microsoft 365.
It has collaborated with the company and the National Cyber Security Centre (NCSC) in developing a threefold focus for the guidance, taking in: secure configuration alignment for security; fostering cross-government collaboration; and safeguarding information with precision.
This is intended for use by IT professionals administering the relevant platform in government or partner organisations.
Claudia Chiurlia, delivery manager for the CDDO, said in an accompanying blogpost: “By adhering to this guidance, government departments can confidently navigate the intricacies of data protection while harnessing the full potential of their information assets.”
Good, better, best
The secure configuration guide follows the previous approach of listing good, better and best controls, service configuration and identity on the Microsoft 365 productivity suite. It says that for most central government organisations and providers of essential services the controls in the ‘better’ category would be most appropriate.
The guidance on cross-government collaboration includes sections on baseline Microsoft 365 configuration, security considerations and optional configuration. It is aimed at enabling key features such as real time file sharing, co-authoring across departments, calendar sharing and consistent instant messaging.
Configurations for sensitivity labels and data loss prevention features are outlined in the guidance on information protection.
