View on GitHub

cloud-guardrails-O365

Recommended configuration guidance for Microsoft O365 / Conseils de configuration recommandés pour Microsoft O365

Perform Device Hardening

Objective

The security posture of the devices being used to access the service should be considered. As a minimum, organisations need to ensure that devices are fully patched, are not using administrative privileges, have malware defences in place and are collecting security logs.

Key Considerations

Mobile Device Management

Validation

References

  1. Directive on Security Management - Appendix B: Mandatory Procedures for Information Technology Security Control, subsections B.2.3.1, B.2.3.3.3, B.2.3.4
  2. SPIN 2017-01
  3. CSE Top 10
  4. Refer to CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
  5. Refer to the GC Password Guidance
  6. Refer to the ITPIN 2018-03