Australian Governance Pack — Essential Eight ML2 & IRAP skills

EDUC4TE · Australian Governance Pack

The free pack built for Essential Eight ML2 and IRAP.

12 EDUC4TE-authored SharePoint AI Skills mapped to Australian compliance contexts. ISM-mapped evidence trails, Purview labelling, oversharing remediation, site lifecycle controls — every skill ships with the Australian governance defaults built in.

New to the format? Learn what a skill is →

Browse the full library
securityEDUC4TE

SharePoint Oversharing Audit

Audits sharing links and flags sites where external or broad access exceeds policy. Produces a risk-ranked table with remediation guidance.

# SharePoint Oversharing Audit **E8 Control:** Restrict Administrative Privileges **Output:** Risk-ranked site table with remediation actions and link counts.

E8: Restrict Administrative Privileges

securityEDUC4TE

Purview Label Coverage Check

Reviews unlabelled documents in SharePoint libraries and produces a gap report. Flags sensitive content types missing Purview sensitivity labels.

# Purview Label Coverage **Scan:** All document libraries in scope. **Output:** Unlabelled file count by site and library, with sensitivity type flags.

E8: Regular Backups

securityEDUC4TE

E8 Evidence Packager

Compiles SharePoint permission reports, access logs, and governance records into a structured evidence folder ready for an Essential Eight ML2 assessment.

# E8 Evidence Packager **Purpose:** IRAP / E8 ML2 preparation. **Gathers:** Access logs, permission reports, governance records → Evidence folder.

E8: Restrict Administrative Privileges · Regular Backups

governanceEDUC4TE

IRAP Evidence Trail Organiser

Structures SharePoint documentation into the ISM-mapped evidence folders required for a 2026 IRAP QA Framework assessment. Timestamps and labels each item.

# IRAP Evidence Trail Organiser **Standard:** 2026 IRAP QA Framework. **Output:** ISM-mapped folder structure with timestamped evidence items.

E8: Restrict Administrative Privileges · Patch Applications

securityEDUC4TE

Entra Agent ID Audit

Audits Entra Agent IDs across the tenant and flags agents with excess privilege, missing owners, or stale credentials. Aligned to Microsoft Entra Agent ID GA guidance.

# Entra Agent ID Audit **E8 Control:** Restrict Administrative Privileges **Scope:** All Entra Agent IDs in tenant. **Output:** Risk-ranked agent inventory.

E8: Restrict Administrative Privileges

securityEDUC4TE

Copilot Studio DLP Gap Check

Reviews Copilot Studio agents and connectors against DLP policy and flags gaps where sensitive data could leak. Aligned to DLP for Copilot Studio public preview.

# Copilot Studio DLP Gap Check **E8 Control:** Application Control **Scope:** All Copilot Studio agents. **Output:** Connector gap table.

E8: Application Control

governanceEDUC4TE

Copilot Readiness Assessment

Assesses tenant readiness for Microsoft 365 Copilot and Agent 365 rollout. Surfaces licensing, governance, and sharing prerequisites with a remediation checklist.

# Copilot Readiness Assessment **E8 Control:** User Application Hardening **Scope:** Tenant-wide readiness signals. **Output:** Readiness scorecard.

E8: User Application Hardening

governanceEDUC4TE

DSPM for AI Remediation Plan

Turns Purview DSPM for AI findings into a sequenced remediation plan with owners, target dates, and Essential Eight control mapping.

# DSPM for AI Remediation Plan **Source:** Purview DSPM for AI findings. **Output:** Owner-assigned remediation plan with E8 control mapping.

E8: Restrict Administrative Privileges

securityEDUC4TE

Conditional Access Policy for Agents

Drafts a Conditional Access policy for autonomous agents covering sign-in risk, device compliance, and session controls. Aligned to Microsoft Entra CA for agents preview.

# Conditional Access Policy for Agents **E8 Control:** User Application Hardening **Scope:** Autonomous Entra agents. **Output:** CA policy draft.

E8: User Application Hardening

governanceEDUC4TE

Privacy Act ADM Decision Log

Records automated decision-making events with the transparency fields required by the Privacy and Other Legislation Amendment Act 2024. Produces an OAIC-ready log.

# Privacy Act ADM Decision Log **Standard:** Privacy Act 2024 ADM transparency. **Scope:** Automated decision events. **Output:** OAIC-aligned decision log.
governanceEDUC4TE

SOCI Incident Responder Brief

Drafts a SOCI Act incident response brief covering critical-asset impact, reporting timelines, and Home Affairs notification fields. Aligned to the November 2025 SOCI amendments.

# SOCI Incident Responder Brief **Standard:** SOCI Act (Nov 2025 amendments). **Scope:** Critical-asset incidents. **Output:** Home Affairs notification draft.

E8: Regular Backups

securityEDUC4TE

Zero Trust Maturity Baseline

Establishes a Zero Trust maturity baseline across identity, device, network, and data pillars. Maps current state to the Microsoft Zero Trust maturity model.

# Zero Trust Maturity Baseline **E8 Control:** Multi-factor Authentication **Pillars:** Identity · Device · Network · Data. **Output:** Pillar-by-pillar scorecard.

E8: Multi-factor Authentication