ASD's Blueprint for Secure Cloud

Security & privacy

This section describes the configuration of security and privacy settings in Microsoft 365 associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Customer lockbox

Require approval for all data access requestsEnabled

Help & support query collection

Allow Microsoft to collect support queriesDisabled

Idle session timeout

Turn on to set the period of inactivity for users to be signed off of Microsoft 365 web appsEnabled
When do you want users signed out1 hour

Password expiration policy

Set passwords to never expireEnabled

Privacy profile

Organization privacy statementURL to organisation privacy policy
Organisation privacy contactemail for organisation privacy contact

Privileged access

Allow privileged access requests and choose a default approval groupEnabled


Let user add new quests to the organizationDisabled

Security & Governance

  • None identified


  • None identified


  • None identified


  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra