Update secure-configuration.md

Author: adonm

docs/guidelines/secure-configuration.md

@@ -39,13 +39,26 @@ Organisations with Microsoft 365 premium or enterprise licencing should at a min
 ![Security defaults](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/media/security-defaults/security-defaults-entra-admin-center.png)
 ![Intune enrollment](https://learn.microsoft.com/en-us/mem/intune/fundamentals/media/deployment-guide-enroll/deployment-plan-enroll.png)
 
-This subsequently enables straightforward implementation of the [ACSCs Essential Eight](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight) Microsoft 365 [Cloud Security Guides](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guides) listed below for reference:
+### Essential Eight Implementation
+
+This subsequently enables straightforward implementation of the [ACSCs Essential Eight](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight) Microsoft 365 [Cloud Security Guides](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guides) listed below for reference. The indented links reference security platforms and tools that have been seen to simplify establishment and monitoring of controls as per the [ACSC Essential Eight Process Guide](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-assessment-process-guide) and introduce low [Supply Chain Risk](../guidelines/supply-chain-risk-mgmt.md).
 
 - [Application control](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-application-control)
-- [Patch applications](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-patch-applications)
+    - [AirLock Digital](https://www.airlockdigital.com), [Ivanti Application Control](https://www.ivanti.com/en-au/products/application-control), [Trend Vision One Application Control](https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-application-control_001) or [VMWare Carbon Black App Control](https://www.vmware.com/products/app-control.html)
+- [Patch operating systems](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-patch-operating-system), [Patch applications](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-patch-applications)
+    - [Microsoft Defender Vulnerability Management](https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-worldwide), [Tenable Vulnerability Management](https://www.tenable.com/products/tenable-io), [Rapid7 InsightVM](https://www.rapid7.com/products/insightvm/), [Qualys Vulnerability
+Management](https://www.qualys.com/apps/vulnerability-management-detection-response/), [Ivanti Neurons for ASOC](https://www.ivanti.com/products/ivanti-neurons-for-asoc)
 - [Configure macro settings](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-configure-macro-settings)
+    - Migrate from legacy macros to [Office Scripts and Power Automate](https://learn.microsoft.com/en-us/office/dev/scripts/develop/power-automate-integration?tabs=run-script)
 - [User application hardening](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-user-application-hardening)
+    - Block [newly registered domains (over 70% are malicious)](https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/) with [Web Content Filtering](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-worldwide) (this eliminates 
 - [Restrict administrative privileges](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-restrict-administrative-privileges)
-- [Patch operating systems](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-patch-operating-system)
-- [Multi-factor authentication](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-multi-factor-authentication)
+    - Use [Administrative Units](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units) to partition management scopes
+    - Run shared devices in [Kiosk Mode](https://learn.microsoft.com/en-us/mem/intune/configuration/kiosk-settings) with local unprivileged users
+- [Multi-factor authentication](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-multi-factor-authentication) - Once Azure AD configured well, below migrations will get data into MFA protected locations
+    - [Migrate file shares to OneDrive, Teams, and SharePoint](https://learn.microsoft.com/en-us/sharepointmigration/fileshare-to-odsp-migration-guide)
+    - [Migrate Microsoft Access data to Microsoft Dataverse](https://learn.microsoft.com/en-us/power-apps/maker/data-platform/migrate-access-to-dataverse)
 - [Regular backups](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-regular-backups)
+    - [Azure File Sync (Disaster Recovery for local file shares)](https://learn.microsoft.com/en-us/azure/architecture/example-scenario/hybrid/hybrid-file-share-dr-remote-local-branch-workers), [Druva Phoenix](https://www.druva.com/products/data-center), 
+
+