{"id":68701,"date":"2024-02-28T13:37:14","date_gmt":"2024-02-28T12:37:14","guid":{"rendered":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/?p=68701"},"modified":"2025-06-19T13:49:41","modified_gmt":"2025-06-19T12:49:41","slug":"updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector","status":"publish","type":"post","link":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/","title":{"rendered":"Updated Microsoft 365 security and compliance guidance for the UK public sector"},"content":{"rendered":"\n<p>For almost 20 years, Microsoft and the (now) <a href=\"https:\/\/www.ncsc.gov.uk\/section\/about-ncsc\/what-we-do\" target=\"_blank\" rel=\"noreferrer noopener\">National Cyber Security Centre<\/a> (NCSC) have been working together.&nbsp;This work started with securing user devices but has evolved to cover not only user devices but the broader secure use of Microsoft 365.<\/p>\n\n\n\n<p>People say that the last part in a trilogy is the perfect way to close out a movie series. But what happens when the last movie was actually the prequel?<\/p>\n\n\n\n<p>Microsoft has remastered existing guidance in \u201cEntra ID vision\u201d as a series of documents under the banner \u201cMicrosoft 365 guidance for UK Government\u201d.\u00a0 Following the release of the <a href=\"https:\/\/aka.ms\/UKMPIPOFFICIAL\" target=\"_blank\" rel=\"noreferrer noopener\">Information Protection<\/a> guidance and the update to <a href=\"https:\/\/aka.ms\/UKXGOVOFFICIAL\" target=\"_blank\" rel=\"noreferrer noopener\">External Collaboration<\/a> guidance, we have also remastered the one that kicked it off: <a href=\"https:\/\/cdn-dynmedia-1.microsoft.com\/is\/content\/microsoftcorp\/microsoft\/mcaps\/documents\/fy25\/Microsoft-365-Guidance-for-UK-Government-Secure-Configuration-Blueprint.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Secure Configuration Blueprint<\/a>.<\/p>\n\n\n\n<p class=\"mt-4 has-text-align-center\"><strong class=\"font-weight-semibold\">Microsoft 365 Guidance for UK Government<\/strong><\/p>\n\n\n\n<div style=\"margin: auto auto 1rem auto\">\n\t<table style=\"width: 100%;border-spacing: 16px;border-collapse: separate;text-align: center\">\n\t\t<tbody>\n\t\t\t<tr>\n\t\t\t\t<td style=\"padding: 16px;border-radius: 8px;background-color: #0078d4;color: #ffffff;vertical-align: top\"><a href=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/government\/2023\/07\/25\/guidance-on-protecting-government-data-using-microsoft-purview\/\" target=\"_blank\" style=\"color: #ffffff\" rel=\"noopener\">Information Protection<\/a><\/td>\n\t\t\t\t<td style=\"padding: 16px;border-radius: 8px;background-color: #0078d4;color: #ffffff;vertical-align: top\"><a href=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/government\/2023\/08\/07\/microsoft-365-guidance-for-uk-government-external-collaboration\/\" target=\"_blank\" style=\"color: #ffffff\" rel=\"noopener\">External Collaboration<\/a><\/td>\n\t\t\t<\/tr>\n\t\t\t<tr>\n\t\t\t\t<td colspan=\"3\" style=\"padding: 16px;border-radius: 8px;background-color: #107c10;color: #ffffff;vertical-align: top\"><a href=\"https:\/\/cdn-dynmedia-1.microsoft.com\/is\/content\/microsoftcorp\/microsoft\/mcaps\/documents\/fy25\/Microsoft-365-Guidance-for-UK-Government-Secure-Configuration-Blueprint.pdf\" target=\"_blank\" style=\"color: #ffffff\" rel=\"noopener\">Secure Configuration Blueprint<\/a><\/td>\n\t\t\t<\/tr>\n\t\t<\/tbody>\n\t<\/table>\n<\/div>\n\n\n\n<p>The three-piece collection provides a common baseline which UK Government departments, and their partners, can use to enable secure use of Microsoft 365.<\/p>\n\n\n\n<p>The goal of the Secure Configuration Blueprint is to create a secure foundation for a Microsoft 365 tenancy. It provides guidance using the \u201cGood, Better, Best\u201d approach targeted on feature availability by licence, offering policies and settings that protect your Microsoft 365 tenancy from the most common attacks.&nbsp; It includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Securing identities that access services, including privileged users.<\/li>\n\n\n\n<li>Protecting devices that your users use to access services.<\/li>\n\n\n\n<li>Configuration of services to require use of the above when accessing data.<\/li>\n<\/ul>\n\n\n\n<p>The updated Secure Configuration Blueprint guidance is the base upon which the other pieces of guidance are built. But how have we got to where we are today?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"securing-user-devices\">Securing user devices<\/h2>\n\n\n\n<p>It all started as a result of understanding that device trust was key to protecting the data stored locally and in datacentres.<\/p>\n\n\n\n<p>In 2004, on the back of some high-profile worm viruses, <a href=\"https:\/\/learn.microsoft.com\/en-us\/security-updates\/securitybulletins\/2002\/ms02-039\" target=\"_blank\" rel=\"noreferrer noopener\">SQL Slammer<\/a> (January 2003) and <a href=\"https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/windows-server\/security-and-malware\/blaster-worm-virus-alert\" target=\"_blank\" rel=\"noreferrer noopener\">Blaster<\/a> (August 2003), Microsoft worked closely with Communications-Electronics Security Group (CESG), now a part of the <a href=\"https:\/\/www.ncsc.gov.uk\">NCSC<\/a>. This joint effort developed a set of security controls to take advantage of the security improvements in SP2 for Windows XP, including Windows Firewall on by default, Software Restriction Policies, and Automatic Updates enabled by default. <\/p>\n\n\n\n<p>The outcome of this work was known as the \u201cGovernment Assurance Pack\u201d or GAP for short.&nbsp;GAP was revised and updated for Vista and Windows 7 and added BitLocker device encryption and AppLocker when those features were released.<\/p>\n\n\n\n<p>Moving forward to 2014, and CESG moved to a model that evaluated all end-user devices, PC and mobile, against a common set of principles, the <a href=\"https:\/\/www.ncsc.gov.uk\/collection\/device-security-guidance\/security-principles#:~:text=The%20device%20security%20principles%20Provide%20updates%2C%20securely%20Support,software%20Minimise%20the%20privilege%20and%20reach%20of%20applications\" target=\"_blank\" rel=\"noreferrer noopener\">End User Device Security Principles<\/a>.&nbsp;Windows 8 (8.1), Windows 10 and Windows 11 have all had End User Device (EUD) security guidance developed with CESG initially and then the NCSC when that was formed in October 2016. <\/p>\n\n\n\n<p>By following the latest guidance provided by NCSC, organisations (including Government departments) can be confident that the devices used by their users to access and handle data are secure against common attacks.<\/p>\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2024\/02\/image.webp\" alt=\"\" class=\"wp-image-68715 webp-format\" srcset=\"\" data-orig-src=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2024\/02\/image.webp\"><\/figure>\n\n\n\n<p><em>Figure 1<\/em>. Timeline leading to the updated Secure Configuration Blueprint guidance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"securing-cloud-services\">Securing cloud services<\/h2>\n\n\n\n<p>The UK Government introduced a \u201c<a href=\"https:\/\/www.gov.uk\/guidance\/government-cloud-first-policy\" target=\"_blank\" rel=\"noreferrer noopener\">Cloud First<\/a>\u201d policy in 2013 for all technology decisions with the NCSC, publishing <a href=\"https:\/\/www.ncsc.gov.uk\/collection\/cloud\/the-cloud-security-principles\" target=\"_blank\" rel=\"noreferrer noopener\">14 Cloud Security Principles<\/a> (originally in December 2013) to support Government as it started to adopt cloud services.<\/p>\n\n\n\n<p>Historically, the focus of the guidance was on securing devices but, with the UK Government adopting a Cloud First policy, data was no longer being stored in on-premises datacentres and networks. Instead, it would increasingly be stored in Public Cloud services like Microsoft 365.<\/p>\n\n\n\n<p>To address this, Microsoft worked with the NCSC to produce guidance for <a href=\"https:\/\/azure.microsoft.com\/resources\/14-cloud-security-controls-for-uk-cloud-using-microsoft-azure\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Azure<\/a> in October 2017, and in July 2019 we released the initial version of Office 365 Blueprint and a supporting document detailing how Office 365 met the NCSC 14 Cloud Security Principles.<\/p>\n\n\n\n<p>As a result, in parallel to releasing Office 365 guidance, we also worked with NCSC to produce the first MDM (Mobile Device Management) End User Device (EUD) guidance for cloud-managed Windows 10 EUDs using Microsoft Intune.&nbsp;This guidance formed the base for Microsoft\u2019s first cloud-based <a href=\"https:\/\/github.com\/Azure\/securedworkstation\/tree\/master\/Legacy\" target=\"_blank\" rel=\"noreferrer noopener\">Privileged Access Workstation (PAW)<\/a>, allowing organisations to manage their risk in Microsoft 365 management. Microsoft recommends using a PAW for administrative access and managed EUDs for standard user access, both using Entra ID to secure access to cloud services &#8211; please refer to <a href=\"https:\/\/aka.ms\/protectm365\" target=\"_blank\" rel=\"noreferrer noopener\">Protect Microsoft 365<\/a> and <a href=\"https:\/\/aka.ms\/spa\">Securing Privileged Access<\/a>.<\/p>\n\n\n\n<p>Once the foundational guidance was released, and on the back of the challenges that the COVID-19 pandemic brought to UK Government departments, we worked with NCSC and <a href=\"https:\/\/www.security.gov.uk\/organisations\/#government-security-group-gsg\" target=\"_blank\" rel=\"noreferrer noopener\">Government Security Group<\/a> and released the first iteration of our BYOD guidance in June 2020.<\/p>\n\n\n\n<p>The rest is history, as they say. Working with <a href=\"https:\/\/www.gov.uk\/government\/organisations\/central-digital-and-data-office\" target=\"_blank\" rel=\"noreferrer noopener\">Central Digital &amp; Data Office<\/a> (CDDO) and NCSC, the Cross-Government Collaboration guidance was released in 2021 and updated in 2023, along with the release of the <a href=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/government\/2023\/07\/25\/guidance-on-protecting-government-data-using-microsoft-purview\/\" target=\"_blank\" rel=\"noreferrer noopener\">Purview Information Protection guidance<\/a>.<\/p>\n\n\n\n<p>With that, UK Government departments have at their disposal guidance for how to securely configure their Entra ID and Microsoft 365 tenant, classify and protect their data, and use it to securely collaborate with not only other government departments but also industry partners.<\/p>\n\n\n\n<p>But remember, if you don&#8217;t pay attention to the film, the sequels might be confusing.&nbsp;So, <strong>ensure that you implement the guidance in the Secure Configuration Blueprint <\/strong>before looking to adopt the <a href=\"https:\/\/aka.ms\/UKXGOVOFFICIAL\" target=\"_blank\" rel=\"noreferrer noopener\">External Collaboration<\/a> or <a href=\"https:\/\/aka.ms\/UKXGOVOFFICIAL\" target=\"_blank\" rel=\"noreferrer noopener\">External Collaboration<\/a> guidance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"find-out-more\">Find out more<\/h2>\n\n\n\n<p><a href=\"https:\/\/cdn-dynmedia-1.microsoft.com\/is\/content\/microsoftcorp\/microsoft\/mcaps\/documents\/fy25\/Microsoft-365-Guidance-for-UK-Government-Secure-Configuration-Blueprint.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Read the Secure Configuration Blueprint<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/government\/2023\/07\/25\/guidance-on-protecting-government-data-using-microsoft-purview\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guidance on protecting government data using Microsoft Purview<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"about-the-author\">About the author<\/h2>\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-67692\" src=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2023\/08\/James-Noyce.jpg\" alt=\"James Noyce, Senior Technical Specialist, Microsoft UK\" width=\"151\" height=\"149\" \/>James has spent his entire IT career of 27 years specialising in the security arena, the last 22 of which have been for Microsoft. Based in the UK, he works in the key areas of security and identity in the public sector as a Security Technical Specialist. He is a regular contributor to Microsoft docs for Securing Privileged Access and was the lead architect for the Microsoft 365, External Collaboration, Information Protection, and BYOD guidance produced for Cabinet Office and NCSC.<\/p>","protected":false},"excerpt":{"rendered":"<p>Access the latest Microsoft 365 security and compliance guidance for UK public sector customers and understand the background.<\/p>\n","protected":false},"author":483,"featured_media":68748,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","footnotes":""},"categories":[1],"post_tag":[160,122,804,1017,196,570,199],"content-type":[],"coauthors":[1977],"class_list":["post-68701","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cross-industry","tag-blogger-series","tag-cloud","tag-cyber-security","tag-government","tag-microsoft-365","tag-public-sector","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Updated Microsoft 365 security and compliance guidance for the UK public sector - Microsoft Industry Blogs - United Kingdom<\/title>\n<meta name=\"description\" content=\"Access the latest Microsoft 365 security and compliance guidance, created with the NCSC, for UK public sector customers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Updated Microsoft 365 security and compliance guidance for the UK public sector - Microsoft Industry Blogs - United Kingdom\" \/>\n<meta property=\"og:description\" content=\"Access the latest Microsoft 365 security and compliance guidance, created with the NCSC, for UK public sector customers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Industry Blogs - United Kingdom\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-28T12:37:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-19T12:49:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2024\/02\/CLO22_TechOffice_058.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"James Noyce\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"James Noyce\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 min read\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/\"},\"author\":[{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/author\\\/james-noyce\\\/\",\"@type\":\"Person\",\"@name\":\"James Noyce\"}],\"headline\":\"Updated Microsoft 365 security and compliance guidance for the UK public sector\",\"datePublished\":\"2024-02-28T12:37:14+00:00\",\"dateModified\":\"2025-06-19T12:49:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/\"},\"wordCount\":967,\"publisher\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/22\\\/2024\\\/02\\\/CLO22_TechOffice_058.jpg\",\"keywords\":[\"Blogger Series\",\"Cloud\",\"Cyber-security\",\"Government\",\"Microsoft 365\",\"Public Sector\",\"Security\"],\"articleSection\":[\"Cross-industry\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/\",\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/\",\"name\":\"Updated Microsoft 365 security and compliance guidance for the UK public sector - Microsoft Industry Blogs - United Kingdom\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/22\\\/2024\\\/02\\\/CLO22_TechOffice_058.jpg\",\"datePublished\":\"2024-02-28T12:37:14+00:00\",\"dateModified\":\"2025-06-19T12:49:41+00:00\",\"description\":\"Access the latest Microsoft 365 security and compliance guidance, created with the NCSC, for UK public sector customers.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/22\\\/2024\\\/02\\\/CLO22_TechOffice_058.jpg\",\"contentUrl\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/22\\\/2024\\\/02\\\/CLO22_TechOffice_058.jpg\",\"width\":800,\"height\":450,\"caption\":\"Two female office employees work at their PC screens\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/cross-industry\\\/2024\\\/02\\\/28\\\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Updated Microsoft 365 security and compliance guidance for the UK public sector\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/\",\"name\":\"Microsoft Industry Blogs - United Kingdom\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/#organization\",\"name\":\"Microsoft Industry Blogs - United Kingdom\",\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/22\\\/2019\\\/08\\\/Microsoft-Logo.png\",\"contentUrl\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/22\\\/2019\\\/08\\\/Microsoft-Logo.png\",\"width\":259,\"height\":194,\"caption\":\"Microsoft Industry Blogs - United Kingdom\"},\"image\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/en-gb\\\/industry\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Updated Microsoft 365 security and compliance guidance for the UK public sector - Microsoft Industry Blogs - United Kingdom","description":"Access the latest Microsoft 365 security and compliance guidance, created with the NCSC, for UK public sector customers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/","og_locale":"en_US","og_type":"article","og_title":"Updated Microsoft 365 security and compliance guidance for the UK public sector - Microsoft Industry Blogs - United Kingdom","og_description":"Access the latest Microsoft 365 security and compliance guidance, created with the NCSC, for UK public sector customers.","og_url":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/","og_site_name":"Microsoft Industry Blogs - United Kingdom","article_published_time":"2024-02-28T12:37:14+00:00","article_modified_time":"2025-06-19T12:49:41+00:00","og_image":[{"width":800,"height":450,"url":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2024\/02\/CLO22_TechOffice_058.jpg","type":"image\/jpeg"}],"author":"James Noyce","twitter_card":"summary_large_image","twitter_misc":{"Written by":"James Noyce","Est. reading time":"4 min read"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/#article","isPartOf":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/"},"author":[{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/author\/james-noyce\/","@type":"Person","@name":"James Noyce"}],"headline":"Updated Microsoft 365 security and compliance guidance for the UK public sector","datePublished":"2024-02-28T12:37:14+00:00","dateModified":"2025-06-19T12:49:41+00:00","mainEntityOfPage":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/"},"wordCount":967,"publisher":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/#organization"},"image":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/#primaryimage"},"thumbnailUrl":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2024\/02\/CLO22_TechOffice_058.jpg","keywords":["Blogger Series","Cloud","Cyber-security","Government","Microsoft 365","Public Sector","Security"],"articleSection":["Cross-industry"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/","url":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/","name":"Updated Microsoft 365 security and compliance guidance for the UK public sector - Microsoft Industry Blogs - United Kingdom","isPartOf":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/#primaryimage"},"image":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/#primaryimage"},"thumbnailUrl":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2024\/02\/CLO22_TechOffice_058.jpg","datePublished":"2024-02-28T12:37:14+00:00","dateModified":"2025-06-19T12:49:41+00:00","description":"Access the latest Microsoft 365 security and compliance guidance, created with the NCSC, for UK public sector customers.","breadcrumb":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/#primaryimage","url":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2024\/02\/CLO22_TechOffice_058.jpg","contentUrl":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2024\/02\/CLO22_TechOffice_058.jpg","width":800,"height":450,"caption":"Two female office employees work at their PC screens"},{"@type":"BreadcrumbList","@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/cross-industry\/2024\/02\/28\/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/"},{"@type":"ListItem","position":2,"name":"Updated Microsoft 365 security and compliance guidance for the UK public sector"}]},{"@type":"WebSite","@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/#website","url":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/","name":"Microsoft Industry Blogs - United Kingdom","description":"","publisher":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/#organization","name":"Microsoft Industry Blogs - United Kingdom","url":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png","contentUrl":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png","width":259,"height":194,"caption":"Microsoft Industry Blogs - United Kingdom"},"image":{"@id":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts\/68701","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/users\/483"}],"replies":[{"embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/comments?post=68701"}],"version-history":[{"count":39,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts\/68701\/revisions"}],"predecessor-version":[{"id":70731,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts\/68701\/revisions\/70731"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/media\/68748"}],"wp:attachment":[{"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/media?parent=68701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/categories?post=68701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/post_tag?post=68701"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/content-type?post=68701"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/coauthors?post=68701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}