Three Day Track

Day 1 – Tenant Baseline

Goal: Establish a secure foundation for your Microsoft 365 tenant.

Prerequisites Q&A
Collect tenant name, billing info, domains, and Conditional Access levels.

Create a Tenant
Set up Azure, create Break Glass admin account, enable MFA.

Add License Provider (if required)
Configure credit card-based licensing.

Naming Convention
Define naming standards; default HQ site.

Assign Licenses via Groups
Apply licenses through security groups.

Add Domain
Verify and configure custom domain.

MFA Basics
Enable MFA methods, set CA exclusions, run registration campaign.

Tenant Security Basics
Configure branding, audit settings, app consent, lockbox.

Finishing Steps
Enable Safe Links, set notification mailbox.

Day 2 – Protection Sets

Goal: Apply security baselines for users and core services.

User Categories

General Tenant PS
Import CA JSONs, adjust groups.

Break Glass PS
FIDO2 setup, CA policies.

Advanced Users PS1
Requires Intune compliance.

Exchange Online PS
Configure EXO best practices

Day 3 – Collaboration & Device Management

Goal: Secure collaboration tools and endpoints.

OneDrive & SharePoint

Configure OneDrive & SharePoint best practices

Teams

Configure Teams best practices

Intune Baseline

Autopilot Deployment

Intune Architecture

Configuration Profiles

App Deployment

Defender for Office 365 & Endpoint