*
en | de
Pro User
Timespan
explore our new search
Microsoft 365 and CIS - Step-by-Step
M365 Admin
Oct 3, 2023 11:00 AM

Microsoft 365 and CIS - Step-by-Step

by HubSite 365 about Nick Ross [MVP] (T-Minus365)

Pro UserSecurityM365 AdminLearning Selection

Comprehensive Microsoft 365 and CIS guide, expanding the SCuBA project for secure Azure AD, Teams, Exchange & Intune implementations.

Microsoft 365 is working jointly with the Cybersecurity & Infrastructure Security Agency (CISA) on the Secure Cloud Business Applications (SCuBA) project. The project was praiseworthy, but it left many wanting more enablement materials and a clearer relation to broader cybersecurity frameworks. This desire led to the development of a comprehensive guide that encompasses security controls for Azure AD, Teams, Exchange, SharePoint, OneDrive, and Intune.

These security control tools are aimed to provide a more comprehensive guide as opposed to just a checklist. The main objective of the SCuBA project is to guarantee the protection of information developed, accessed, shared, and stored in federal civilian executive branch (FCEB) agencies’ cloud environments. The project provides security enhancements through increased configurations, settings, and security product implementation.

The SCuBA's project, through continuous dialogue and collaboration with industry and government stakeholders, also includes a set of guidance documents. Included within these documents is the SCuBA Technical Reference Architecture (TRA); a guide that agencies can utilize to adopt cloud-based technology, adaptable solutions, secure architecture, and zero trust frameworks.

 

Also part of the guidance documents, the Extensible Visibility Reference Framework (eVRF) Guidebook offers an overview of the eVRF framework. This book will enable organizations to identify visibility data useful for mitigating threats and potential visibility gaps. Additionally, it aids in the understanding of the extent that specific products can provide this visibility data.

M365 Security Configuration Baselines are also included as part of the guidance documents. These baselines aim to enhance the security of business cloud application environments across agencies. The SCuBA project is intended to develop shared cybersecurity services, improve cloud security guidance across organizations, and enhance cloud cybersecurity practices.

Further Analysis Of The Secure Cloud Business Applications (SCuBA) Project

The SCuBA project could significantly change the cybersecurity landscape. It enhances not just the security of federal agencies, but also scales it across public and private organizations. With the help of ongoing collaborations and dialogue, it has extended its reach to government and industry stakeholders alike.

Its easily adaptable solutions and zero trust frameworks make it a go-to reference for agencies looking to advance their technology adoption. Not to mention its approach toward the mitigation of threats, potential visibility gaps, and the achievement of business cloud security. With plans to launch test pilots with FCEB agencies to assess visibility, configuration, and security-hardened product-specific security baselines, the project is bound to revolutionize cloud cybersecurity.

Read the full article Microsoft 365 and CIS enablement guide

 

Learn about Microsoft 365 and CIS enablement guide

 

Microsoft, in conjunction with CISA, has curated an extensive guide connecting the Secure Cloud Business Application (SCuBA) project and broader cybersecurity frameworks. It includes security controls spanning Azure AD, Teams, Exchange, SharePoint, OneDrive, and Intune. The SCuBA project, initiated to provide guidance for securing federal civilian executive branch agencies' cloud environments, has three significant outputs to its credit:

  • SCuBA Technical Reference Architecture (TRA): this is meant for guiding agencies in adopting technology for cloud deployment, adaptable solutions, secure architecture, and zero trust frameworks.

  • Extensible Visibility Reference Framework (Guidebook): presents an overview of the eVRF framework. This helps organizations identify visibility data useful for mitigating threats, understand the contributions of specific products and services in providing that data, and locate potential visibility loopholes.

  • Microsoft 365 Security Configuration Baselines: these are recommended cybersecurity configuration baselines to improve the security of cloud business application environments.

 

More links on about Microsoft 365 and CIS enablement guide

CIS Microsoft 365 Benchmarks
Microsoft 365. This CIS Benchmark is the product of a community consensus process and consists of secure configuration guidelines developed for Microsoft 365.
Best practices for securely using Microsoft 365—the CIS ...
Jan 10, 2019 — Microsoft 365 provides powerful online cloud services that enable collaboration, security, and compliance, mobility, intelligence, and analytics ...

Keywords

Microsoft 365, CIS enablement guide, Office 365, cyber security, cloud services, Microsoft 365 guide, compliance standards, CIS benchmark, cloud security, Microsoft 365 CIS enablement