ASD's Blueprint for Secure Cloud

Policies

This page describes the configuration of policies within Microsoft Entra ID associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

MethodTargetEnabled
FIDO2 security keyAll users, exclude grp-Conditional_Access_ExcludeYes
Microsoft AuthenticatorAll users, exclude grp-Conditional_Access_ExcludeYes
SMSNo
Temporary Access Pass settingsAll users, exclude grp-Conditional_Access_ExcludeYes
Hardware OATH tokens (Preview)No
Third-party software OATH tokensNo
Voice callNo
Email OTPNo
Certificate-based authenticationNo

FIDO2 security key settings

Enable and Target

ItemValue
EnabledYes
TargetAll users
Excludegrp-Conditional_Access_Exclude

Configure

ItemValue
Allow self-service set upYes
Enforce attestationYes
Enforce key restrictionsYes
Restrict specific keysAllow

Microsoft Authenticator settings

Enable and Target

ItemValue
EnabledYes
TargetAll users
Excludegrp-Conditional_Access_Exclude

Configure

ItemValue
Allow use of Microsoft Authenticator OTPNo
Require number matching for push notifications - StatusEnabled
Require number matching for push notifications - TargetAll users
Show application name in push and passwordless notifications - StatusMicrosoft managed
Show application name in push and passwordless notifications - TargetAll users
Show geographic location in push and passwordless notifications - StatusMicrosoft managed
Show geographic location in push and passwordless notifications - TargetAll users
Microsoft Authenticator on companion applications - StatusMicrosoft managed
Microsoft Authenticator on companion applications - TargetAll users

Temporary Access Pass settings

Enable and Target

ItemValue
EnabledYes
TargetAll users
Excludegrp-Conditional_Access_Exclude

Configure

ItemValue
Minimum lifetime1 hour
Maximum lifetime8 hours
Default lifetime1 hour
One-time14

Security & Governance

Design

Configuration

  • None identified

References

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra