We’ve adopted Microsoft 365 (M365) to enhance productivity and collaboration. As a cloud service, M365 has been deployed outside most of the traditional security controls. Because of a growing remote workforce, a need has been identified to reduce risk by employing security controls specifically targeted at cloud-hosted systems.
The Microsoft Azure Sentinel platform enables security alerts to be consolidated and monitored by cyber security analysts.
Watch a video overview for more detailed information about this service.
The Whole of Government M365 Monitoring and Response Service comprises two key components.
Microsoft Sentinel hosted in agency Azure tenancy
Sentinel is a scalable, cloud-native solution that delivers security analytics and threat intelligence in one place for alert detection, threat visibility, proactive hunting, and threat response. As part of the Whole of Government M365 monitoring and response service, agencies will be required to configure Sentinel in their Office 365 tenancy to at least a base-level configuration. Configuration to a base level incurs no additional charges.
Microsoft Lighthouse hosted in a Cyber Security Unit managed Azure tenancy
Azure Lighthouse enables the centralised visibility of the security status of multiple agency M365 environments. QGCDG will work with agencies to connect their individual Sentinel implementations to the Queensland Government Sentinel of Sentinels (SoS). When threats are detected, QGCDG will notify agency security teams and advise what action to take to ensure the threat is neutralised. The intent is to provide actionable advice on the highest priority threats to protect QG organisations.