M365 visibility dashboard service

Queensland Government agencies administer over 100 separate Microsoft 365 (M365) and Azure tenancies which underpin office productivity and collaboration services across government. The distributed nature of these disparate environments means there is duplication of effort across multiple agencies in improving their cyber security posture, as well as lack of visibility of the adoption, posture, and performance of these environments from a Whole of Queensland Government (WoQG) perspective.

To address this, the Queensland Government Customer and Digital Group (QGCDG) has developed the M365 Visibility Dashboarding service to assist Queensland Government entities in gaining a better understanding of their Microsoft 365 security posture initiatives relative to other Queensland Government organisations via a WoQG consolidated dashboard. This service is available free of charge to all Queensland Government entities including Agencies, Statutory Bodies, Local Government Authorities and Government Owned Corporations.

The M365 Visibility Dashboarding initiative is a multi-stage project which utilises security components already available within all Microsoft 365 tenancies. Phase One of the project (this offering) uses Microsoft Secure Score and provides organisations access to a consolidated M365 Visibility Dashboard where they can view their own Secure Score against the average score of Queensland Government entities, as well as receive actionable recommendations on how to improve their security posture.

Microsoft Secure Score reports a numerical summary of an organisations’ security posture based on system configurations, user behaviour, and other security-related measurements. A Secure Score is a measurement of an entity’s security posture, with a higher number indicating more improvement actions taken.

QGCDG is also in the process of developing Phase 2 of this service which will utilise Microsoft Compliance Manager to significantly reduce workloads associated with IS18 Essential Eight annual reporting and compliance activities. Note this feature is still in development and does not form part of the current offering.

Using this service helps enable Queensland Government organisations to meet their obligations as specified under the Information Security Policy (IS18:2018) and improve cyber security maturity.

Business benefits

• Access to a consolidated M365 Visibility Dashboard will enable organisations to view their own Secure Score against the Queensland Government average score to assist with prioritising local cyber security initiatives.
• Enhanced collective understanding of the security posture and risk exposure of Queensland Government Microsoft 365 and Azure tenancies will assist in maintaining and improving the delivery of safe and reliable services to citizens.
• Reduce future workloads associated with IS18 Essential Eight annual reporting and compliance activities.

Technical benefits

• Automated recommendations on how to improve your organisations security posture.
• Reduced duplication of effort across multiple tenancies in improving cyber security posture through development and promotion of repeatable patterns and practices.
• Identify and leverage better cyber security practices from leading Queensland Government organisations.

All government agencies and related bodies are eligible to access this service.

Complete the M365 Visibility Dashboarding service application form to onboard this service or contact your Qld Government Cyber Security Unit representative at CyberSecurityUnit@qld.gov.au should you require any further information.