About Essential 8 Guide

Essential 8 Guide is a free, community resource providing implementation guidance for the Australian Cyber Security Centre’s (ACSC) Essential Eight controls in Microsoft environments.

What is the Essential Eight?

The Essential Eight is a prioritised list of cybersecurity mitigation strategies developed by the ACSC. These strategies help organisations protect their systems against a range of cyber threats and are considered baseline security measures for Australian government agencies and businesses.

What This Site Provides

This guide offers practical, step-by-step implementation guidance for each ISM (Information Security Manual) control, including:

• Summary – Quick overview of what the control requires
• Design Decisions – Recommended approach for Microsoft environments
• Prerequisites – Licensing, permissions, and dependencies needed
• Implementation Steps – Detailed instructions using Microsoft Intune, Entra ID, Defender, and other Microsoft tools

Who Is This For?

• IT administrators implementing Essential Eight controls
• Security professionals assessing compliance
• MSPs managing client security posture
• Anyone working with Microsoft 365 and Azure security

Maturity Levels

Controls are tagged with Essential Eight maturity levels:

Level	Description
ML1	Maturity Level 1 – Partly aligned
ML2	Maturity Level 2 – Mostly aligned
ML3	Maturity Level 3 – Fully aligned

PSPF Classifications

Controls also include PSPF (Protective Security Policy Framework) classification levels where applicable:

• NC – Non-Classified
• OS – OFFICIAL: Sensitive
• P – PROTECTED
• S – SECRET
• TS – TOP SECRET

Disclaimer

This guide is provided for informational purposes only. Always validate implementations against your organisation’s specific requirements and consult official ACSC and Microsoft documentation.

Links

• ACSC Essential Eight
• Microsoft Essential Eight Documentation
• Information Security Manual (ISM)

---

Built with Jekyll and hosted on GitHub Pages.