ASD's Blueprint for Secure Cloud

Solution Overview

This section provides an overview of the architecture, design considerations and decisions associated with system(s) built on ASD's Blueprint for Secure Cloud.

Purpose

ASD’s Blueprint for Secure Cloud (the Blueprint) provides organisations with a secure, flexible, and scalable platform for key services including productivity and collaboration, and user-operated endpoints (laptops, desktops, and mobile devices). It also provides a controlled base that allows organisations to deploy their own additional hosted services, workloads, and third-party web services. The Blueprint describes a secure architecture, with implementation and operation guidance and the associated security documentation necessary for organisations to make well-informed, risk-based decisions on implementations tailored to their operating context.

Where to start

This overview is suitable for all users as a starting point. The technical aspects of the Blueprint are made up of 3 main sections:

  • Platform design – All base and supporting components, services, functions, and configuration for secure implementation of Microsoft 365 and endpoint devices
  • Endpoints design – Specific information relating to configuration of Windows and iOS endpoint devices
  • Shared Services design – Information regarding the services within the Blueprint, including:
    • Exchange Online
    • SharePoint Online
    • OneDrive for Business
    • Teams
    • Power Platform.

For each component in the solution, the Blueprint artefacts provide:

  • a brief description of the component
  • decision points
  • the decision itself
  • a justification for that decision.

Example as-built-as-configured (ABAC) pages detail specific technical configurations for manual implementation. Provided configuration files also enable automated deployment of the Blueprint using the Microsoft 365 Desired State Configuration (DSC) PowerShell utility.

Placeholders like <ORGANISATION.GOV.AU> and <TENANT-NAME> are used in the ABAC documents where appropriate. Given the large number of settings covered within the Blueprint, the ABAC documents do not provide justification for individual settings. The pages highlight sections where there are differences between hybrid and cloud-only solutions.

What is covered in this overview section?

This overview section describes the design principles, requirements, scope, design decisions, assumptions, and a summary of the architecture.


Scope

This section provides an overview of the scope and concept of operation of system(s) built on ASD's Blueprint for Secure Cloud.

Design Principles

This section provides an overview of the design principles associated with system(s) built on ASD's Blueprint for Secure Cloud.

Components

This section provides an overview of the key components associated with system(s) built on ASD's Blueprint for Secure Cloud.

Service Provisioning Considerations

This section provides a framework of considerations when looking at provisioning new Microsoft 365 services associated with system(s) built on ASD's Blueprint for Secure Cloud.

Authorised by the Australian Government, Canberra