Service Category - Email Protections
Availability - Now
Queensland Government has been adopting Microsoft 365 (M365) to enhance its productivity and collaboration. As a cloud service, M365 has been deployed outside most of the traditional security controls. The increased use of M365 has presented challenges for organisations in maintaining the security of a growing remote workforce and has resulted in the need to employ security controls which are specifically targeted to cloud hosted systems.
To alleviate some of the potential security issues arising from this situation, QGCDG is deploying a whole of Queensland government (WoQG) M365 security monitoring capability based on the Microsoft Azure Sentinel platform. The service enables security alerts from multiple tenancies to be consolidated and monitored by a central team of cyber security analysts with a goal of turning detection in one tenancy into protection in all tenancies.
The WoQG M365 Monitoring and Response Service is comprised of the following key components:
- Microsoft Sentinel - hosted in agency Azure tenancy
Sentinel is a scalable, cloud-native solution delivering intelligent security analytics and threat intelligence across the enterprise providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. As part of the WoQG M365 Monitoring and Response Service, agencies will be required to configure Sentinel in their O365 tenancy to at least a base level configuration. Configuration to a base level incurs no additional charges.
- Microsoft Lighthouse - hosted in a CSU managed Azure tenancy
Azure Lighthouse enables the centralised visibility of the security status of multiple agency M365 environments. QGCDG will work with agencies to connect their individual Sentinel implementations to the Queensland Government Sentinel of Sentinels (SoS). When threats are detected, QGCDG will notify agency security teams and advise what action to take to ensure the threat is neutralised. The intent is to provide actionable advice on what is the highest priority to protect QG organisations.
- Threats detected against one M365 tenancy can rapidly and efficiently be turned into protections for all other QG O365 tenancies. Using shared process and threat intelligence the Queensland Government can have better confidence that risks are being detected and managed in all M365 tenancies.
- Reduces the likelihood of unauthorised access to private, personal and confidential information resulting in disruption of business operations and potential reputational damage to an organisation by increasing phishing attack detection.
- Enhance in-house ICT resources by leveraging a centralised set of cyber security people, processes, technologies and guidance to enhance protection of all QG M365 tenancies.
- Low barrier to entry - minimise costs by utilising Sentinels free data ingestion facility (limited to M365 data) and free data retention period of 90 days.
- Utilising this service will help to enable QG organisations to meet their obligations as specified under the Information security policy (IS18:2018) and improve cyber security maturity.
- Security event data utilised by Sentinel does not include message content ensuring confidentiality and privacy of agency data is preserved. Central access to agency M365 tenancy message logs enable early warning of malicious email activity, even prior to recipient’s interaction with the email.
- Increased visibility of O365 threats such as phishing and business email compromise without impacting inhouse support capacity / capability.
- Scalable, cloud-native solution delivering intelligent security analytics and threat intelligence across the enterprise and providing a single solution for
alert detection, threat visibility, proactive hunting, and threat response.
- QGCDG can provide assistance with the installation and configuration of Sentinel if required.
Eligibility and Funding
Queensland Government Agencies
Government Owned Corporation (GOC)
* This service is available to all organisations covered by the QG Microsoft Enterprise Licence Agreement (ELA).
DMARC Monitoring Service
Agencies can utilise a vendor provided DMARC (Domain-Based Message Authentication Reporting and Conformance) service platform called DMARC Analyzer. The service allows organisations to monitor their email channels with greater visibility, enabling them to see what emails are being sent and received and the reputation of those emails. DMARC provides a method to block malicious emails being sent via an organisation’s domains to protect their clients and customers from spoofed domain messages and phishing attacks.
Vulnerability Management CoP
The Vulnerability Management Community of Practice (CoP) consists of an organised group of ICT professionals from Queensland Government agencies who meet on a regular basis to collaborate and share information, improve their cyber security skills, and actively work on advancing their general knowledge of Vulnerability Management.
Please visit the M365 Service Implementation and Support resources for instructions on how to commence onboarding this service or contact your Qld Government Cyber Security Unit representative at CyberSecurityUnit@qld.gov.au should you require further information.
The Cyber Security Unit Partnership Arrangement details the collaborative approach between the CSU and the Client to promote the uptake of Cyber Security Services with the aim of increasing the protection of the Queensland Government information systems from cyber security threats.