Physical · Preventive · Protect

A.7.8 Equipment Siting and Protection

M365 Admin Path: Microsoft Intune admin center (intune.microsoft.com) > Devices > All devices; Devices > Configuration profiles

Evidence Source: Microsoft Graph - Intune Managed Devices, Device Configuration Profiles, Manual verification

What is this control?

ISO 27001 control A.7.8 Equipment Siting and Protection ensures the organisation sites and protects equipment through physical controls and technical compensating measures to reduce risks from physical and environmental threats, unauthorised access, and damage. The control combines secure zone placement with locked racks, screen positioning to prevent shoulder surfing, hazard avoidance, wireless access point siting for signal containment, and technical hardening via Intune enrollment with remote wipe capability.

How to implement in Microsoft 365

Implement A.7.8 by siting core infrastructure in dedicated, lockable secure zones with environmental controls that maintain 18-27 degrees Celsius and 40-60% humidity, sited away from water hazards. Verify that cable management prevents trip hazards and that console ports face into locked cabinets. Position user endpoint screens away from windows and walkways to prevent shoulder surfing.

Place shared printers in staff-supervised areas and secure public displays with VESA locks. Mount wireless access points centrally at ceiling height for signal containment. Enrol all portable devices in Microsoft Intune to enable remote wipe if equipment is stolen.

What an auditor looks for

Auditors will verify physical inspection reports showing secure zone siting, environmental controls, and console port orientation. They will verify screen positioning during an office walkthrough, confirming that screens are not visible from windows or corridors. Auditors will confirm that printers are located in staff-supervised areas.

They will review a wireless heatmap or physical inspection confirming central mounting of access points. Auditors will check the Intune enrollment report showing managed devices, and the device configuration deployment report showing that hardening profiles have been deployed.
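As an added example (not from this page or from Microsoft), the following Python turns one page of the Microsoft Graph v1.0 managedDevices listing named as the evidence source into the Intune enrollment summary the auditor section asks for, flagging devices that weaken the remote-wipe compensating control described in the implementation section. The response shape follows the v1.0 managedDevice resource; the sample devices, the 30-day staleness threshold and the MDM_AGENTS set are assumptions.

```python
"""Summarise an Intune managed-device listing into the A.7.8 enrolment evidence."""
import json
from datetime import datetime, timedelta

# Constructed sample shaped like one page of GET /deviceManagement/managedDevices
# (Microsoft Graph v1.0); the names and dates are made up, not tenant data.
SAMPLE_RESPONSE = json.dumps({"value": [
    {"id": "d1", "deviceName": "LAPTOP-01", "operatingSystem": "Windows",
     "managementAgent": "mdm", "complianceState": "compliant",
     "lastSyncDateTime": "2024-03-01T09:00:00Z"},
    {"id": "d2", "deviceName": "LAPTOP-02", "operatingSystem": "Windows",
     "managementAgent": "mdm", "complianceState": "noncompliant",
     "lastSyncDateTime": "2024-01-10T09:00:00Z"},
    {"id": "d3", "deviceName": "IPHONE-07", "operatingSystem": "iOS",
     "managementAgent": "eas", "complianceState": "unknown",
     "lastSyncDateTime": "2024-02-28T09:00:00Z"},
]})

# Assumption: only these managementAgent values mean the device is MDM-enrolled,
# i.e. Intune can issue a full remote wipe; EAS-only devices are not MDM-enrolled.
MDM_AGENTS = {"mdm", "easMdm", "configurationManagerClientMdm",
              "configurationManagerClientMdmEas"}


def parse_graph_time(value):
    """Graph returns UTC timestamps ending in 'Z'; fromisoformat wants +00:00."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def enrolment_evidence(response_json, as_of, max_sync_age_days=30):
    """Build the auditor's enrolment summary from one managedDevices page.

    Flags devices that undermine the control: stale (no check-in within
    max_sync_age_days), not compliant, or not MDM-enrolled (no remote wipe).
    A real run would follow '@odata.nextLink' and merge every page first.
    """
    devices = json.loads(response_json)["value"]
    cutoff = parse_graph_time(as_of) - timedelta(days=max_sync_age_days)
    report = {"total": len(devices), "by_os": {}, "stale": [],
              "noncompliant": [], "no_mdm_wipe": []}
    for d in devices:
        os_name = d.get("operatingSystem", "unknown")
        report["by_os"][os_name] = report["by_os"].get(os_name, 0) + 1
        if parse_graph_time(d["lastSyncDateTime"]) < cutoff:
            report["stale"].append(d["deviceName"])
        if d.get("complianceState") != "compliant":
            report["noncompliant"].append(d["deviceName"])
        if d.get("managementAgent") not in MDM_AGENTS:
            report["no_mdm_wipe"].append(d["deviceName"])
    return report
```

Call `enrolment_evidence(SAMPLE_RESPONSE, "2024-03-05T00:00:00Z")` to see the three flagged lists for the sample; a stale or EAS-only device is one the auditor will ask about.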

  • [A.7.6 (Working in secure areas - screen lock timeout)](/controls/a-7-6 (working in secure areas - screen lock timeout)/)
  • [A.8.1 (User endpoint devices - device compliance)](/controls/a-8-1 (user endpoint devices - device compliance)/)
  • [A.8.24 (Use of cryptography - BitLocker encryption)](/controls/a-8-24 (use of cryptography - bitlocker encryption)/)
  • [A.7.7 (Clear desk and clear screen - Universal Print)](/controls/a-7-7 (clear desk and clear screen - universal print)/)

M365 capabilities that implement this control

Microsoft Environmental Protection Foundation

Microsoft-managed fire protection, water damage protection, emergency power, and environmental controls