Guidance

Microsoft Office 365 Security Guidance

Configuration guidance for the use of Microsoft Office 365 at OFFICIAL

This publication was withdrawn on

This content has been moved to the CESG website: https://www.cesg.gov.uk/cloud-security-collection

Documents

Details

This guidance is for public sector organisations to follow when deploying Microsoft Office 365 for handling OFFICIAL information. It can be used in conjunction with CESG’s Cloud Security Guidance when considering the information risk associated with using Microsoft Office 365 for handling OFFICIAL information.

These documents were created as a response to a request for guidance on cloud services from a government department and should not be read as an endorsement of these particular services.

It is important to remember that any guidance points given here are just recommendations; none of which are mandatory. They have been suggested as a way of satisfying the 14 cloud security principles that mitigate the threat at OFFICIAL. Risk owners and administrators should agree a configuration which balances the business requirements, usability and security of the platform and use this guidance for advice where needed.

Please send any feedback sent to the address enquiries@cesg.gsi.gov.uk.

Published 2 November 2015
Last updated 4 November 2015 + show all updates
  1. Added a Data Privacy section under Administrator Good Practice making a statement on European Parliament directive (95/46/EC)
  2. First published.