Introduction to Secure Cloud Business Application's (SCuBA) Microsoft 365 Secure Configuration Baselines & ScubaGear

Experts from CISA, Microsoft and Mitre will provide workshop attendees insight into the final version of CISA’s soon-to-be-released Microsoft 365 (M365) security configuration baselines (SCBs) and the latest version of ScubaGear, an automation tool that compares M365 tenant configurations against CISA’s recommended SCBs. Developed by CISA in response to the SolarWinds cyber incident, the M365 SCBs and ScubaGear are helping federal agencies secure information assets stored within cloud environments through consistent, effective, modern, and manageable security configurations. SCuBA’s M365 SCBs and ScubaGear enable agencies to easily leverage M365 cloud security best practices.

Those who will benefit from participating in this workshop are individuals who are charged with supporting or managing their organization’s M365 deployments and security posture. During this two-day workshop, the M365 experts will present the scope and intended purpose of the SCuBA-developed SCBs—more than 200 in total—for the following M365 products:

• Azure AD
• Microsoft Defender
• Microsoft Exchange
• Microsoft Teams
• Power Platform
• PowerBI
• SharePoint/OneDrive

The experts also will present a demo of the latest version of the ScubaGear automated configuration-checking tool.

NOTE: Attendance at this two-day workshop is strictly limited to federal employees and contractors at U.S. government agencies. You must register using a .gov or .mil email address to be eligible to attend this workshop. All registrations without a government email address will be denied.

Attendees to this workshop will learn the following information:   

• Update-to-date Information on Latest CISA M365 SCBs: Learn how the SCBs were modified to incorporate the feedback provided by government organizations and public-sector entities.
• Key Guidance for Government Agencies: Understand how the 200+ SCBs will raise the bar on the security of your agency’s M365 deployment.  
• ScubaGear Demo: See how the automated configuration-assessment tool can help your agency quickly align its configurations with the CISA-recommended SCBs.
• Piloting Agency Testimonial: Hear how a prominent federal agency piloted the M365 SCBs and ScubaGear and their key takeaways from their testing experience and continued SCB implementation.  

Event Logistics:  

• Dates: Wednesday, March 20, and Thursday, March 21, 2024 
  • Day 1—8:30 a.m.–3:15 p.m. ET; Day 2—8:00 a.m.–12 p.m. ET
• Location: Hybrid In-person/Online via Teams
  • In-person Location: Mitre, 7515 Colshire Drive, McLean, VA 22101
  • The onsite check-in desk will open at 8:30 a.m. and 8:00 a.m. each workshop date.
• Note: Audio and video will be accessible through Microsoft Teams; dial-in also will be available through Teams. Previously recorded CISA-sponsored webinars and workshops are available on the CISA YouTube channel for playback in other languages, if required.