This guidance is for public sector organisations to follow when deploying Microsoft Office 365 for handling OFFICIAL information. It can be used in conjunction with CESG’s Cloud Security Guidance when considering the information risk associated with using Microsoft Office 365 for handling OFFICIAL information.
These documents were created as a response to a request for guidance on cloud services from a government department and should not be read as an endorsement of these particular services.
It is important to remember that any guidance points given here are just recommendations; none of which are mandatory. They have been suggested as a way of satisfying the 14 cloud security principles that mitigate the threat at OFFICIAL. Risk owners and administrators should agree a configuration which balances the business requirements, usability and security of the platform and use this guidance for advice where needed.