ASD Conditional Access policies comparison script

I have taken the ASD Conditional Access policy recommendations here:

https://blueprint.asd.gov.au/configuration/entra-id/protection/conditional-access/policies/

and created a script here:

https://github.com/directorcia/Office365/blob/master/asd-ca-get.ps1

that will compare your existing Conditional Access configuration to what the ASD recommends and tell you what you should consider changing to bring your policies more in alignment with those from the ASD.

Above, you’ll see one policy evaluation and recommendation outputted to a HTML file for easy reading.

The documentation for the script is here:

https://github.com/directorcia/Office365/wiki/ASD-Conditional-Access-Policy-Evaluation-Script

I look forward to hearing what you experience is using my script.

ASD iOS Compliance policy check script

I’ve taken the iOS Compliance policy settings recommendations from the ASD Blueprint for Secure Cloud and created an online JSON settings file here:

https://github.com/directorcia/bp/blob/main/Intune/Policies/ASD/ios-compliance.json

I’ve then created a PowerShell script here:

https://github.com/directorcia/Office365/blob/master/asd-ioscomp-get.ps1

with documentation here:

https://github.com/directorcia/Office365/wiki/ASD-iOS-Compliance-Policy-Check

that reads the online JSON file (or uses a local version if you want to use that) and compares the recommended ASD settings to those in your own Intune environment. Note, the script makes NO CHANGES to your environment, it simply reads the current settings.

It then produces the console output you see above and a HTML report like this:

You can refer to this page I also created:

https://github.com/directorcia/bp/wiki/iOS-Compliance-Policy-Settings-%E2%80%90-Security-Rationale

as to why these settings are important to the security of your M365 environment.

Look out for more scripts like this coming soon. I welcome any suggestion about improving this.

CIA Brief 20251123

Microsoft 365 powered by Work IQ: Built to Support How You Work –

https://www.youtube.com/watch?v=ve66gLVYaRw

Ignite 2025: What’s new in Microsoft Defender? –

https://techcommunity.microsoft.com/blog/MicrosoftThreatProtectionBlog/ignite-2025-whats-new-in-mic…

Sensitivity labels preservation and SharePoint ACLs in Azure AI Search –

https://techcommunity.microsoft.com/blog/azure-ai-foundry-blog/sensitivity-labels-preservation-and-…

Get a jump start on employee service delivery with Employee Self-Service Agent in M365 Copilot –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/get-a-jump-start-on-employee-servi…

Scale with Ease: Simplified Setup and Management for Connectors –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/scale-with-ease-simplified-setup-a…

Copilot Notebooks Now Available for Microsoft 365 Personal, Family, and Premium Accounts –

https://techcommunity.microsoft.com/blog/microsoft_365blog/copilot-notebooks-now-available-for-micr…

Introducing new Microsoft 365 Copilot agents to drive workforce transformation –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-new-microsoft-365-copi…

Microsoft Ignite – Opening Keynote –

https://www.youtube.com/watch?v=TUeET4zY95c

Windows 365 – New app window only mode, agent automation & reserve options –

https://www.youtube.com/watch?v=RHXAEFJ2cFQ

Synced Passkeys in Microsoft Entra for Phishing-resistant MFA –

https://www.youtube.com/watch?v=36nIaSBJ7_U

SharePoint Showcase: Announcements at Microsoft Ignite 2025 –

https://techcommunity.microsoft.com/blog/spblog/sharepoint-showcase-announcements-at-microsoft-igni…

Microsoft Ignite 2025: Transforming Phishing Response with Agentic Innovation –

https://techcommunity.microsoft.com/blog/MicrosoftDefenderforOffice365Blog/microsoft-ignite-2025-tr…

Introducing Project Opal: A New Way to Get Task-Based Work Done –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-project-opal-a-new-way…

Edge for Business presents: the world’s first secure enterprise AI browser –

https://blogs.windows.com/msedgedev/2025/11/18/edge-for-business-presents-the-worlds-first-secure-e…

From idea to deployment: The complete lifecycle of AI on display at Ignite 2025 –

https://blogs.microsoft.com/blog/2025/11/18/from-idea-to-deployment-the-complete-lifecycle-of-ai-on…

Microsoft Ignite 2025: Copilot and agents built to power the Frontier Firm –

https://www.microsoft.com/en-us/microsoft-365/blog/2025/11/18/microsoft-ignite-2025-copilot-and-age…

Ignite 2025: Microsoft Defender now prevents threats on endpoints during an attack –

https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/ignite-2025-microsoft-defender-no…

Why Microsoft Copilot Studio is the foundation for agentic business transformation –

https://www.microsoft.com/en-us/microsoft-copilot/blog/copilot-studio/why-microsoft-copilot-studio-…

https://www.microsoft.com/en-us/power-platform/blog/2025/11/18/inside-the-new-power-apps-the-future-of-app-development/ –

https://www.microsoft.com/en-us/power-platform/blog/2025/11/18/inside-the-new-power-apps-the-future…

Ignite’25 Spotlight: Announcing Microsoft Baseline security mode –

https://techcommunity.microsoft.com/blog/microsoft_365blog/ignite%E2%80%9925-spotlight-announcing-m…

Copilot readiness and resiliency with Microsoft 365: Ignite 2025 Edition –

https://techcommunity.microsoft.com/blog/spblog/copilot-readiness-and-resiliency-with-microsoft-365…

Introducing Microsoft 365 Copilot Business: Empowering Small and Medium Businesses with AI –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-microsoft-365-copilot-…

Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 –

https://www.microsoft.com/en-us/security/blog/2025/11/18/agents-built-into-your-workflow-get-securi…

Preparing for what’s next: Windows security and resiliency innovations help organizations mitigate risks, recover faster and prepare for the era of AI –

https://blogs.windows.com/windowsexperience/2025/11/18/preparing-for-whats-next-windows-security-an…

Security Copilot for SOC: bringing agentic AI to every defender –

https://techcommunity.microsoft.com/blog/MicrosoftThreatProtectionBlog/security-copilot-for-soc-bri…

Available today: OpenAI’s Sora 2 in Microsoft 365 Copilot –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/available-today-openais-sora-2-in-…

Announcing Public Preview: Exchange Online Admin API –

https://techcommunity.microsoft.com/blog/exchange/announcing-public-preview-exchange-online-admin-a…

New Compliance Solutions in Microsoft Sentinel: HIPAA & GDPR Reports –

https://techcommunity.microsoft.com/blog/microsoftsentinelblog/new-compliance-solutions-in-microsof…

Collaborative Research by Microsoft and NVIDIA on Real-Time Immunity –

https://techcommunity.microsoft.com/blog/microsoft-security-blog/collaborative-research-by-microsof…

Inside the world’s most powerful datacenter (2025) — Satya Nadella –

https://www.youtube.com/watch?v=8aBKVrLX0Dc

After hours

How to Escape Alcatraz With Basic Engineering– https://www.youtube.com/watch?v=pLtHyLlLt4Y

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

ASD Windows Compliance policy check script

I’ve taken the Windows Compliance policy settings recommendations from the ASD Blueprint for Secure Cloud and created an online JSON settings file here:

https://github.com/directorcia/bp/blob/main/Intune/Policies/ASD/windows-compliance.json

I’ve then created a PowerShell script here:

https://github.com/directorcia/Office365/blob/master/asd-wincomp-get.ps1

with documentation here:

https://github.com/directorcia/Office365/wiki/Windows-Compliance-Policy-Check

It then produces the console output you see above and a HTML report like this:

You can refer to this page I also created:

https://github.com/directorcia/bp/wiki/indows-Compliance-Policy-Settings-%E2%80%90-Security-Rationale

as to why these settings are important to the security of your M365 environment.

Look out for more scripts like this coming soon. I welcome any suggestion about improving this.

Need to Know podcast–Episode 355

In this episode of the Need to Know Podcast, we explore the evolving landscape of learning in the Microsoft Cloud ecosystem, with a spotlight on the SMB market. From the latest in Microsoft 365 Copilot innovations to critical cybersecurity updates and the end of CIAOPS Academy, this episode delivers essential insights for IT professionals and business leaders navigating the modern digital workplace.

Brought to you by www.ciaopspatron.com

you can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-355-learning-reboot/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

or Spotify:

https://open.spotify.com/show/7ejj00cOuw8977GnnE2lPb

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Resources

Explore the tools, communities, and content mentioned in this episode:

CIAOPS Need to Know Podcast: https://ciaops.podbean.com/
CIAOPS Blog: https://blog.ciaops.com/
CIAOPS Labs: https://blog.ciaopslabs.com/
CIAOPS Brief: https://blog.ciaops.com/tag/cia-brief/
Join the Teams Shared Channel: https://blog.ciaops.com/2022/07/29/join-my-teams-shared-channel/
CIAOPS Merch Store: https://my-store-c5d877-2.creator-spring.com/
Become a Patron: https://www.ciaopspatron.com/
Direct Support: https://ko-fi.com/ciaops
Get Your M365 Questions Answered: https://blog.ciaops.com/2025/06/11/get-your-m365-questions-answered-via-email-2/
Test Your Microsoft 365 Speed: https://blog.ciaops.com/2025/07/21/test-your-microsoft-365-speed-in-seconds-for-free/
CIAOPS Email list – https://bit.ly/cia-email

Announcements

Flight School: Mastering Copilot for IT Pros – https://blog.ciaops.com/2025/11/14/flight-school-mastering-copilot-for-it-pros/
Disabling Office Macros via ASR to Meet Essential Eight Requirements – https://blog.ciaops.com/2025/11/13/disabling-office-macros-via-asr-to-meet-essential-eight-requirements/
ASD OWA settings check script – https://blog.ciaops.com/2025/11/13/asd-owa-settings-check-script/
ASD Mailflow settings check script – https://blog.ciaops.com/2025/11/12/asd-mailflow-settings-check-sript/
CIAOPS Academy deprecation notification – https://blog.ciaops.com/2025/11/10/ciaops-academy-deprecation-notification/

Show Notes

The next chapter of the Microsoft–OpenAI partnership –

https://blogs.microsoft.com/blog/2025/10/28/the-next-chapter-of-the-microsoft-openai-partnership/

Automate with Workflows Agent in Microsoft 365 Copilot (Frontier) –

https://www.youtube.com/watch?v=Vvk1ScZT-lo

Introducing Researcher with Computer Use in Microsoft 365 Copilot –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-researcher-with-comput…

Build apps in minutes with App Builder agent in Microsoft 365 Copilot (Frontier) –

https://www.youtube.com/watch?v=v27H_R1ltB0

Microsoft 365 Copilot now enables you to build apps and workflows –

https://www.microsoft.com/en-us/microsoft-365/blog/2025/10/28/microsoft-365-copilot-now-enables-you

Introducing Teams Mode for Microsoft 365 Copilot –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-teams-mode-for-microso…

Introducing MAI-Image-1, debuting in the top 10 on LMArena –

https://microsoft.ai/news/introducing-mai-image-1-debuting-in-the-top-10-on-lmarena/

Building human-centric security skills for AI –

https://techcommunity.microsoft.com/blog/microsoftlearnblog/building-human-centric-security-skills-…

GenAI vs Cyber Threats: Why GenAI Powered Unified SecOps Wins –

https://techcommunity.microsoft.com/blog/microsoft-security-blog/genai-vs-cyber-threats-why-genai-p…

What’s new in Microsoft 365 Copilot | October 2025 –

https://techcommunity.microsoft.com/blog/Microsoft365CopilotBlog/what%E2%80%99s-new-in-microsoft-36…

The 5 generative AI security threats you need to know about detailed in new e-book –

https://www.microsoft.com/en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-n…

SharePoint Showcase highlights: Smarter Copilot responses using metadata with the Knowledge Agent –

https://techcommunity.microsoft.com/blog/microsoft365insiderblog/sharepoint-showcase-highlights-sma…

Work smarter with Copilot in the People, Files, and Calendar apps –

https://techcommunity.microsoft.com/blog/microsoft365insiderblog/work-smarter-with-copilot-in-the-p…

The weakest link: Stolen staff passwords now the biggest cyber threat to workplaces –

https://www.smh.com.au/politics/federal/the-weakest-link-stolen-staff-passwords-now-the-biggest-cyb…

Cyber security priorities for boards of directors 2025-26 –

https://www.cyber.gov.au/business-government/protecting-business-leaders/cyber-security-for-busines…

Secure external attachments with Purview encryption –

https://techcommunity.microsoft.com/blog/azurepurviewblog/secure-external-attachments-with-purview-…

What’s New in Microsoft Intune: October 2025 –

https://techcommunity.microsoft.com/blog/microsoftintuneblog/what%E2%80%99s-new-in-microsoft-intune…

Custom detections are now the unified experience for creating detections in Microsoft Defender –

https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/custom-detections-are-now-th…

10 ways Microsoft Intune supports a smooth upgrade to Windows 11 –

https://techcommunity.microsoft.com/blog/microsoftintuneblog/10-ways-microsoft-intune-supports-a-sm…

How Windows 11 and AI are transforming the future of work –

https://techcommunity.microsoft.com/blog/windows-itpro-blog/how-windows-11-and-ai-are-transforming-…

Security Copilot Agents: The New Era of AI, Driven Cyber Defense –

https://techcommunity.microsoft.com/blog/microsoft-security-blog/security-copilot-agents-the-new-er…

6 truths about migrating Microsoft Sentinel to the Defender portal –

https://techcommunity.microsoft.com/blog/microsoftsentinelblog/6-truths-about-migrating-microsoft-s…

Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM –

https://www.microsoft.com/en-us/security/blog/2025/10/16/microsoft-named-a-leader-in-the-2025-gartn…

Extortion and ransomware drive over half of cyberattacks –

https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/

Microsoft 365 Insider Round-Up: October 2025 –

https://www.linkedin.com/pulse/microsoft-365-insider-round-up-october-2025-microsoft-365-insider-ub…

Making every Windows 11 PC an AI PC –

https://blogs.windows.com/windowsexperience/2025/10/16/making-every-windows-11-pc-an-ai-pc/

Microsoft raises the bar: A smarter way to measure AI for cybersecurity –

https://www.microsoft.com/en-us/security/blog/2025/10/14/microsoft-raises-the-bar-a-smarter-way-to-…

Building a lasting security culture at Microsoft –

https://www.microsoft.com/en-us/security/blog/2025/10/13/building-a-lasting-security-culture-at-mic…

Satya – My annual letter: Thinking in decades, executing in quarters –

https://www.linkedin.com/pulse/my-annual-letter-thinking-decades-executing-quarters-satya-nadella-7…

CIA Brief 20251115

Improved search dropdown placement in OneNote on Windows –

https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/improved-search-dropdown-placement…

Microsoft Defender for Office 365: Fine-Tuning –

https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/microsoft-defender-for-o…

GPT‑5.1 in Foundry: A Workhorse for Reasoning, Coding, and Chat –

https://techcommunity.microsoft.com/blog/azure-ai-foundry-blog/gpt%E2%80%915-1-in-foundry-a-workhor…

Microsoft 365 Insider Round-Up: November 2025 –

https://www.linkedin.com/pulse/microsoft-365-insider-round-up-november-2025-microsoft-365-insider-r…

Ignite 2025: New Microsoft Sentinel Connectors Announcement –

https://techcommunity.microsoft.com/blog/microsoftsentinelblog/ignite-2025-new-microsoft-sentinel-c…

Riding the AI Wave: How Microsoft Entra is Evolving for the Agentic Era –

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/riding-the-ai-wave-how-microsoft-entr…

Excel Frontier: Unlocking Agent Mode for Smarter, Autonomous Spreadsheets –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/excel-frontier-unlocking-agent-mod…

After hours

Top AI researchers look beyond LLMs – https://www.youtube.com/watch?v=mJbFcdaZNcc

Editorial

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

Flight School: Mastering Copilot for IT Pros

Join us for an immersive 5-day virtual training designed exclusively for IT Professionals and Managed Service Providers from the 12 – 16 January 2026. This isn’t just another webinar—it’s a hands-on, deep dive into how Microsoft Copilot can transform the way you manage, automate, and secure your IT environment.

What you’ll gain:

* Master Copilot’s capabilities for IT operations, security, and automation.

* Learn practical workflows that save time and boost efficiency.

* Explore advanced scenarios for troubleshooting and compliance.

* Future-proof your skills with insights into emerging Copilot integrations.

Why attend?

* Live, interactive sessions with real-world demos.

* Expert-led guidance tailored for IT Pros and MSPs.

* Actionable takeaways you can implement immediately.

Format:

* 5 consecutive days

* 2 hours per day

* Delivered remotely via Microsoft Teams. Recording available after session.

Your Copilot journey starts here—are you ready to take off If so, register your interest here – http://bit.ly/ciaopsroi. Early bird discounts until 12 December 2025.

Prices

Patron level	RRP	GST	ex GST	Saving
None	$399.00	$36.27	$362.73
Bronze	$199.00	$18.09	$180.91	$200.00
Silver	$99.00	$9.00	$90.00	$300.00
Gold	$49.00	$4.45	$44.55	$350.00

ASD OWA settings check script

I’ve taken the Exchange Online Outlook web app policies settings recommendations from the ASD Blueprint for Secure Cloud and created an online JSON settings file here:

https://github.com/directorcia/bp/blob/main/ASD/Exchange-Online/Roles/owamail.json

I’ve then created a PowerShell script here:

https://github.com/directorcia/Office365/blob/master/asd-owamail-get.ps1

with documentation here:

https://github.com/directorcia/Office365/wiki/ASD-OWA-Mailbox-Configuration-Check

that reads the online JSON file (or uses a local version if you want to use that) and compares the recommended ASD settings to those in your own Exchange Online environment. Note, the script makes NO CHANGES to your environment, it simply reads the current settings.

It then produces the console output you see above and a HTML report like this:

You can refer to this page I also created:

https://github.com/directorcia/bp/wiki/Exchange-Online-OWA-Mailbox-Security-Controls

as to why these settings are important to the security of your M365 environment.

Look out for more scripts like this coming soon. I welcome any suggestion about improving this.