View on GitHub

cloud-guardrails-O365

Recommended configuration guidance for Microsoft O365 / Conseils de configuration recommandés pour Microsoft O365

Manage Identity and Access

Objective

Manage identities and establish access control policies and procedures for management of administrative privileges.

Key Considerations

Identity

If using ADFS, consider the following:

Access

Additional Considerations

Validation

References

  1. Directive on Security Management - Appendix B: Mandatory Procedures for Information Technology Security Control, subsections B.2.3.1, B.2.3.2.4
  2. SPIN 2017-01, subsection 6.2.3
  3. CSE Top 10 #3
  4. Refer to CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
  5. Refer to the Guidance on Cloud Authentication for the Government of Canada _(accessible only on the Government of Canada network)_
  6. Refer to the Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain _(accessible only on the Government of Canada network)_
  7. Related security controls: AC‑2, AC‑2(1), AC‑3, AC‑5, AC‑6, AC‑6(5), AC‑6(10), AC‑7, AC‑9, AC‑19, AC‑20(3), IA‑2, IA‑2(1), IA‑2(2), IA‑2(11), IA‑4, IA‑5, IA‑5(1), IA‑5(6), IA‑5(7), IA‑5(13), IA‑6, IA‑8