Events
Take the Microsoft Learn Challenge
Nov 19, 11 PM - Jan 10, 11 PM
Ignite Edition - Build skills in Microsoft security products and earn a digital badge by January 10!
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security. The ACSC recommends all Australian organizations implement the Essential Eight mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. The baseline, known as the Essential Eight, are foundational cyber security measures that make it much harder for adversaries to compromise systems.
The Essential Eight maturity levels allow organizations to assess the appropriateness of their cyber security measures against common threats in the current interconnected technology landscape.
The Essential Eight (maturity level 2) is a mandatory requirement for all Australian noncorporate Commonwealth entities subject to the PGPA (Public Governance, Performance, and Accountability) Act (as per PSPF (Protective Security Policy Framework) Policy 10). For more information about Australian Government advice on PGPA legislation, associated instruments, and policies, see PGPA legislation, associated instruments, and policies.
This guidance is intended for security advisers, security assessors, system architects, and decision makers who wish to assess an organization’s maturity level. The guidance also provides details on how to implement the necessary controls to achieve the required maturity level.
These documents represent Consumer Guidance for the purposes of the cloud security assessment process. This material should also be considered and referenced within Microsoft’s relevant IRAP (Information Security Registered Assessors Program) Assessment Reports (for example, Azure IRAP Assessment) and ACSC advice.
If you require more information on Essential Eight, contact Essential-8@Microsoft.com.
See the following articles to learn about each pillar and how you can implement the controls to achieve a maturity level.
The Microsoft 365 License Maps portal publishes a summary of the licenses and toolsets required to implement the Essential Eight controls across the maturity levels. The Essential Eight License Map is available as an interactive version and a downloadable version.
Note
These license maps have been built by Microsoft employees as a community project and are not official documents from Microsoft.
Essential Eight assessment and remediation using these documents is a point in time activity to achieve the desired maturity level.
However, to maintain security policies and/or compliance baselines, Microsoft recommends using these guides with the objective to stay continually compliant by preventing compliance drift by using Microsoft Purview Compliance Manager.
Purview Compliance Manager Essential Eight Premium templates are available on Essential Eight at all three levels to automate and assist from a monitoring, continuous assessment, and configuration drift/configuration management perspective.
Additionally, there are premium templates for IRAP compliance at Official and Protected for Australian organizations requiring this level assurance.
Copilot for Microsoft 365 operates within the context of the existing Office applications, including Teams, Mobile apps, and Office for the Web. As such, Copilot for Microsoft 365 inherits your existing Essential Eight controls and posture.
Note
Currently, Copilot for Microsoft 365 will not operate on a Macro-enabled Office document.
Events
Take the Microsoft Learn Challenge
Nov 19, 11 PM - Jan 10, 11 PM
Ignite Edition - Build skills in Microsoft security products and earn a digital badge by January 10!
Register now