We have partnered with the Central Digital and Data Office and the National Cyber Security Centre (NCSC) to improve the collaboration experience for UK government organisations by creating a Collaboration Blueprint. The Cross-Government Collaboration Blueprint was created by focussing on key scenarios developed in consultation with several government organisations and is designed to be used in addition to the existing Office 365 Security and Compliance Blueprint, as well as the BYOD Guidance we published previously.
Many government organisations have chosen Microsoft 365 as their primary collaboration platform. This offers a great opportunity to harness the secure and modern functionality of cloud services and enable rich collaboration between people in different organisations. However, when we consulted a broad group of end users from across government, we found that there was an inconsistent user experience when working with colleagues from other organisations due to differences in configuration.
We determined that a baseline configuration for government organisations would enable a more consistent and secure approach to collaboration. The recommended configuration we’ve produced focuses on these key areas:
- Keeping control of documents and allowing real time co-authoring by sharing links rather than sending documents as email attachments.
- Making it easier to arrange meetings by allowing people to share their calendar availability across government.
- Allowing people to work more effectively as a team by enabling instant messaging and other features of Microsoft Teams.
Crucially, we’ve recommended an open approach to collaboration by default, giving users the freedom to choose who they collaborate with. This is a move away from a more restrictive ‘allow list’ approach which can create barriers to collaboration.
Does this approach make it less secure? No. Here’s what the NCSC have said:
“By following the Secure Configuration Alignment and applying the cross-government collaboration guidance on top, it is the NCSC’s view that Microsoft 365 can be appropriately configured to protect an organisation’s data against the threat profile for the OFFICIAL classification when collaborating and sharing information between government departments. The NCSC expects that guidance related to collaboration and security is implemented in its entirety to avoid gaps and weaknesses leading to increased risk of a data breach.
The NCSC believes that modern cross-organisation collaboration services that share access to information via its originating system will be more secure than traditional methods such as sending copies as email attachments to external organisations. By using modern collaboration practices, such as those described in this guidance, organisations have greater auditing and visibility of how their data is being handled and more options for owning who and where their information is handled.”
The Blueprint is intended to be a baseline, upon which individual organisations can build. For example, if an organisation identifies specific needs that aren’t met by the Blueprint, there is flexibility for them to go further and implement even tighter controls, be mindful that this could impact on people’s collaboration experience.
The Cross-Government Collaboration Blueprint includes a Strategy Document, which provides the rationale and context behind the baseline configuration and a Technical Guide which contains the recommended configuration to enable a consistent collaboration experience. Five central government organisations have already piloted the configuration, and others are now encouraged to follow.
The Blueprint is available today for any organisation who works in or with UK Government and is intended to be updated over time.
Download the documents:
About the authors
James has spent his entire IT career of 25 years specialising in the security arena, the last 20 of which have been for Microsoft. Based in the UK, he works in the key areas of security and identity in the public sector as a Cyber Cloud Solutions Architect. He is a regular contributor to Microsoft docs for Securing Privileged Access and was the lead architect for the Office 365 and BYOD guidance produced for Cabinet Office and NCSC.
Steve is an experienced IT Professional with over 20 years’ experience, working with clients across the world in multiple industries helping them achieve their goals in digital transformation. He is focussed on Microsoft Modern Work services and technology such as Microsoft 365.