Standardized Use of Microsoft Tools - Policy Implementation Notice

1. Purpose

The purpose of this policy implementation notice (PIN) is to align policy requirements with the Microsoft 365 (M365) E5 enterprise licensed software rollout.

2. Effective date

This PIN is effective as of April 1, 2025.

3. Authority

This PIN supports subsection 4.4.1.1 of the Policy on Service and Digital and subsection 4.4.1.1 of the Directive on Service and Digital.

4. Application

This PIN applies to the institutions listed in section 6 of the Policy on Service and Digital.

5. Considerations

The Government of Canada (GC) needs to standardize its workplace technology to ensure all employees have consistent access to essential tools for communication, collaboration and document management. Standardization also supports the delivery of secure, modern and accessible services. Shared Services Canada (SSC) has procured enterprise licences for M365 for the GC to obtain best value for money. The current rollout of M365 E5 is based on the GC’s security and compliance stacks offerings.

Chief information officers, chief technology officers and heads of information technology (IT) for GC organizations have a duty and responsibility to ensure their employees have the IT tools they require to successfully support service delivery and ensure the protection of information systems under their organization’s custody and/or control.

6. Procedures

• 6.1 SSC must issue enterprise licences for M365 in accordance with volumes reported in the departmental plans for service and digital within 30 days following a request.
• 6.2 Institutions must implement the enterprise licences within 180 days of receipt.
• 6.3 Institutions must configure M365 in accordance with the Treasury Board of Canada Secretariat (TBS) M365 Security Playbook.
• 6.4 Institutions must provide SSC with the necessary access to support SSC’s mandate to deliver enterprise services and monitor compliance.
• 6.5 As part of its normal operations, SSC monitors licence adoption and usage compliance and will provide reports to TBS within 90 days of the end of the fiscal year.

7. Compliance

TBS will monitor departmental progress and engage departmental senior officials such as chief information officers, chief security officers and designated officials for cyber security as necessary to support successful adoption of and compliance with the guidance specified above.

8. Enquiries

Members of the public may contact TBS Public Enquiries for information at publicenquiries-demandesderenseignement@tbs-sct.gc.ca about this implementation notice.

Employees of federal institutions may contact zzTBS-EnterpriseStan@tbs-sct.gc.ca about this implementation notice.