ASD's Blueprint for Secure Cloud

Services

This section describes the configuration of services in Microsoft 365 associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Account Linking

| Item | Value |
| --- | --- |
| Allow users to connect their Microsoft Entra ID and MSA accounts | Disabled |

Adoption Score

| Item | Value |
| --- | --- |
| Select users and groups for calculating insights | Include all users (recommended) |
| Turn on group-level insights | Disabled |

Azure Speech Services

| Item | Value |
| --- | --- |
| Allow the organization-wide language model | Enabled |

Bookings

| Item | Value |
| --- | --- |
| Allow your organization to use Bookings | Disabled |

Calendar

| Item | Value |
| --- | --- |
| Let users share their calendars with people outside of your organization who have Office 365 or Exchange | Disabled |

Cortana

| Item | Value |
| --- | --- |
| Allow Cortana in Windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization | Disabled |

Dynamics 365 Applications

| Item | Value |
| --- | --- |
| Allow your user’s data to be viewed by themselves when using Dynamics 365 Applications | Disabled |
| Allow Aggregated and non-identifiable insights to be accessed by other users of your company’s Dynamics 365 Applications | Disabled |
| Allow individualized insights to be accessed by other users of your company’s Dynamics 365 Applications | Disabled |

Dynamics 365 Customer Voice - Security

| Item | Value |
| --- | --- |
| Prevent phishing attempts | Enabled |
| Collect names | Enabled |
| Restrict survey access | Disabled |

Microsoft 365 Groups

| Item | Value |
| --- | --- |
| Let group owners add people outside your organization to Microsoft 365 Groups as guests | Disabled |
| Let guest group members access group content | Disabled |
| When there’s no owner, email and ask active group members to become an owner | Disabled |

Microsoft 365 installation options

| Item | Value |
| --- | --- |
| Feature updates | |
| As soon as they’re ready (Current Channel, recommended) | Selected |
| Installation - Windows | |
| Office (includes Skype for Business) | Enabled |
| Skype for Business (Standalone) | Enabled |
| Installation - Mac | |
| Office | Enabled |
| Skype for Business (X El Capitan 10.11 or higher) | Enabled |

Microsoft 365 on the web

| Item | Value |
| --- | --- |
| Let users open files stored in third-party storage services in Microsoft 365 on the web | Enabled |

Microsoft communication to users

| Item | Value |
| --- | --- |
| Let people in my organization receive emails from Microsoft about how to use Microsoft 365 products | Disabled |

Microsoft Forms

| Item | Value |
| --- | --- |
| Send a link to the form and collect responses | Disabled |
| Share to collaborate on the form layout and structure | Disabled |
| Share the form as the template that can be duplicated | Disabled |
| Share form result summary | Disabled |
| Record name by default | Disabled |
| Include Bing search, YouTube videos | Disabled |
| Add internal phishing protection | Enabled |
| Allow respondents to edit their responses | Disabled |

Microsoft Graph Data Connect

| Item | Value |
| --- | --- |
| Turn Microsoft Graph Data Connect on or off for your entire organization | Disabled |

Microsoft Loop

| Item | Value |
| --- | --- |
| Microsoft Loop workspaces are available to all users in my organization | Enabled |

Microsoft Planner

| Item | Value |
| --- | --- |
| Allow Planner users to publish their plans and assigned tasks to Outlook or their calendars through iCalendar feed | Disabled |

Microsoft Search in Bing homepage

| Item | Value |
| --- | --- |
| Display the Microsoft Search in Bing homepage for your organization | Disabled |

Microsoft Teams

| Item | Value |
| --- | --- |
| Turn on Microsoft Teams for all users | Enabled |
| Allow guest access in Teams | Disabled |

Microsoft To Do

| Item | Value |
| --- | --- |
| Allow your users to receive push notifications | Disabled |

Microsoft Viva Insights

| Item | Value |
| --- | --- |
| Viva Insights web experience | Enabled |
| Digest email | Enabled |
| Insights Outlook add-in and inline suggestions | Enabled |
| Schedule send suggestions | Enabled |
| Allow Microsoft to contact me about my feedback | Disabled |

Modern Authentication

| Item | Value |
| --- | --- |
| Turn on modern authentication for Outlook 2013 for Windows and later (recommended) | Enabled |
| Authenticated SMTP | Disabled |

News

| Item | Value |
| --- | --- |
| General | |
| Industry | None selected |
| Topics | None selected |
| Exclude Content | None selected |
| Allow user to customize their own topics | Disabled |
| Turn on industry news content in Microsoft Feed | Disabled |
| Industry updates | |
| Send daily email updates | Disabled |
| Bing homepage | |
| Include industry news | Disabled |
| Microsoft Edge new tab page | |
| Show Microsoft 365 content on the Microsoft Edge new tab page | Disabled |
| Show My Feed content on the Microsoft Edge new tab page | Disabled |
| Users default to My Feed | Unselected |
| Users default to Work Feed | Unselected |

Office scripts

| Item | Value |
| --- | --- |
| Let users automate their tasks in Excel on the web | Disabled |

Reports

| Item | Value |
| --- | --- |
| Display concealed user, group, and site names in all reports | Disabled |
| Make report data available to Microsoft 365 usage analytics for Power BI | Disabled |

Sales Copilot

| Item | Value |
| --- | --- |
| Allow Sales Copilot data to be associated with a user’s profile information in Microsoft 365 apps | Disabled |
| Allow users to see Sales Copilot content in Microsoft 365 apps | Disabled |

SharePoint

| Item | Value |
| --- | --- |
| Only people in your Organization - no external sharing allowed | Selected |

Sway

| Item | Value |
| --- | --- |
| Let people in your organization share their sways with people outside your organization | Disabled |
| Let people in your organization look up people and security groups | Disabled |
| Flickr | Disabled |
| Pickit | Disabled |
| Wikipedia | Disabled |
| YouTube | Disabled |

| Item | Value |
| --- | --- |
| Let users provide consent when apps request access to your organization’s data on their behalf | Disabled |

User owned apps and services

| Item | Value |
| --- | --- |
| Let users access the Office Store | Disabled |
| Let users start trials on behalf of your organization | Disabled |
| Let users auto-claim licences the first time they sign in | Disabled |

Viva Learning

| Item | Value |
| --- | --- |
| Allow employees to add their own content from SharePoint into Viva Learning tab in Microsoft Teams chats and channels | Disabled |
| Required Diagnostic Data. Send the minimum data necessary to Microsoft to keep Viva Learning secure, up-to-date, and performing as expected | Disabled |
| Optional Diagnostic Data. Additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and remediate issues | Disabled |

Whiteboard

| Item | Value |
| --- | --- |
| Turn on Whiteboard for everyone in your org | Enabled |
| Neither - No diagnostic data about Whiteboard client software running on the devices in your organizations is sent to Microsoft | Selected |
| Allow the use of optional connected experiences in legacy Whiteboard | Disabled |
| Enable easy sharing of legacy whiteboards from Surface Hub | Disabled |

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified

Authorised by the Australian Government, Canberra