Many organisations work to attain Cyber Essentials to show their commitment to keeping their and their customer’s data secure. With most organisations using Microsoft technologies, it’s logical to consider using the existing tools you have to gain Cyber Essentials. In this article, we outline how you can achieve Cyber Essentials using Microsoft solutions (and a few other products) alongside internal processes.
Insights
Achieving Cyber Essentials with Microsoft technologies
About Cyber Essentials
Attaining Cyber Essentials or Cyber Essentials Plus, shows that your organisation takes a proactive stance against cyber security threats and ensures that you have the foundational security measures in place to protect yourself against common attacks. You can read more on this in our introduction “Cyber Essentials overview and requirements”.
Using Microsoft for Cyber Essentials
Most organisations already use Microsoft technologies in their workplace. We have outlined how you can use Microsoft solutions to meet the requirements of Cyber Essentials – with a few additional products recommended, such as Zscaler. Of course, the technology is only one part of it. You also need the right processes in place to manage and monitor these technologies. You can find the full Cyber Essentials checklist here) but below we have outlined each of the Cyber Essentials controls and then outlined the Technical Solution or Business Process to meet each requirement.
Cyber Essentials Requirement | Technical Solution of Business Process |
---|---|
Ongoing management of perimeter firewall(s), including patching, reviewing rules, build/configuration SOP. | Cloud-managed firewall solution (we recommend Cisco Meraki) Ongoing managed networking services (Chorus managed service) |
Secure Configuration of computers and network devices:
|
Windows AutoPilot with Intune Security Baselines. Entra ID LAPS. Device re-deployment process. |
Secure configuration of password-based authentication:
|
Identity Protection: Entra ID Password Protection with extension on-premises. Configuration of Entra ID/ Office 365 password policies. Business process to ensure IT is informed when compromise or suspected compromise of user accounts. Produce and maintain a password policy. |
User Access Control:
|
AutoPilot helps ensure users are not admins of their machines. Organisation must have a starter/leaver SOP, which we can help define. Implement Entra ID MFA organisation-wide, including legacy authentication block. Business process to inform when user roles change – SOP to then be created/followed to outline the process for the actions required. MFA for all cloud apps – Integrate cloud apps with Entra ID for SSO. RBAC and PIM for Admins. |
Malware Protection – Anti-malware software:
|
Microsoft Defender for Endpoint – managed by Intune Security Baselines or CSOC. Microsoft SmartScreen – deployed as part of Intune Security Baselines. Defender for Endpoint content filtering. Zscaler for advanced web filtering capabilities. |
Malware Protection – Application Whitelisting
|
Intune/AutoPilot with Native Microsoft Entra Joined. Approved software list. No admin access on machines. Endpoint Privilege Management (EPM) |
Patch Management
|
Intune/AutoPilot with Native Microsoft Entra Joined, enforcing Widows Update for Business and Patch My PC for 3rd-party patches. Microsoft Intune MDM/MAM for mobile devices, to ensure minimum OS requirements. |
Getting Cyber Essentials ready
Before taking the Cyber Essentials certification or when starting on the journey, we recommend carrying out a readiness assessment. This will outline where you stand against the requirements and any gaps you need to take action on. You can read more about the benefits of a Cyber Essentials Readiness Assessment here.
Conclusion
We hope this article has shown how you can use your existing Microsoft products alongside policies and processes to meet the requirements of Cyber Essentials. Of course, the Microsoft products and features will depend on your licensing levels – if you’d like to discuss your Microsoft licensing or attaining Cyber Essentials, please get in touch and we’d be happy to help.