
Every Essential Eight Control, Mapped to a Microsoft 365 Setting
The Australian Essential Eight maps cleanly onto Microsoft 365. Here is the strategy-by-strategy mapping, the licensing each one needs, and which checks you can automate.
Archive

The Australian Essential Eight maps cleanly onto Microsoft 365. Here is the strategy-by-strategy mapping, the licensing each one needs, and which checks you can automate.

Six Conditional Access policies can stop token theft before it starts. Each blocks a different part of the attack, and each has a gap. Here is the full comparison with exact settings.

Microsoft kills the nonprofit Business Premium and E1 grants, raises the bar for CSP indirect resellers, and ships Copilot Tuning. May 2025's M365 changes, sorted by who has to act.

Entra's token protection session control sounds like the end of token replay. In testing, stolen tokens still replay in the browser. Here is exactly what the preview covers, as of May 2025.

GCS Technologies replaced point solutions with the Microsoft 365 security stack and built a practice around proactive improvement. Five lessons MSPs can borrow, from engagement model to pricing.

A stolen session token becomes a BEC campaign fast. This runbook walks the full cleanup, confirm, scope, evict, recover, with the exact portals, KQL queries, and PowerShell for each step.

Attack Surface Reduction rules block the macros and scripts antivirus misses, and a careless rollout blocks payroll too. The Intune deployment sequence that gets you to Block mode safely.

EDR cannot save a workstation running an exploitable app version. Here is the full Intune Win32 workflow for deploying and updating third-party software at scale.

Teams Premium flags sensitive content during screen sharing, Purview meters GenAI data security as pay-as-you-go, and Copilot lands across PowerPoint, Forms, and calls.

Defender for Endpoint scans macOS devices around the clock, but only after ABM, Intune profiles, and an onboarding package are in place. Here is the rollout order.

Defender for Business ships 24/7 vulnerability scanning with Business Premium. How to onboard devices, read the exposure score, and run an approve-remove-patch SOP.

A malicious OAuth app keeps mailbox access after every password reset. How attackers plant them in Microsoft 365, plus the consent lockdown and hunting runbook.

Exchange Online enforces tenant-wide outbound email limits, E5 Security arrives as a Business Premium add-on, and the Report Message add-in enters maintenance mode.

A Power Automate flow that takes vendor requests from a Microsoft Form, routes approvals through Teams, logs the software inventory, and opens the IT ticket.

Shadow SaaS thrives where no approved software list exists. Build a vendor management policy, an inventory template, and use the three app inventories M365 already keeps.

Most businesses cannot produce an accurate application inventory, and the Microsoft 365 defaults make it worse. Here is the layered plan for CIS Control 2, from OAuth consent to ASR rules.

Microsoft-managed Conditional Access policies start auto-enforcing after 45 days, Skype interop in Teams dies May 1, and Hotpatch hits preview. The February 2025 changes, sorted by deadline.

A hands-on video walkthrough of building two working AI agents in Microsoft Copilot Studio: a loan analyzer that decides and emails applicants, and a Teams-based app access evaluator for IT.