M365 Platform Documentation

Identity, messaging, and tenant security for Microsoft 365. Standard configurations, PowerShell patterns, and hardening sequences for Entra ID, Exchange Online, and Defender.

Hardening Order

Secure a tenant in this sequence. Identity first, then messaging, then monitoring.

1
Entra ID Conditional Access, MFA, PIM, break-glass
2
Email Auth SPF, DKIM, DMARC alignment
3
Exchange Online Transport rules, mail flow, quarantine
4
Defender Anti-phishing, safe attachments, safe links

Guides

Standard hardening patterns for each M365 capability. Start with the tenant checklist, then go deep per topic.

Tenant Security Checklist

Tenant-level security configuration baseline. Validate your M365 setup against standard expectations.

View guide →

Entra ID and Conditional Access

Identity hardening. Conditional Access policies, app registrations, service principals, and PIM.

View guide →

Exchange Online

Mail flow, transport rules, shared mailboxes, hybrid coexistence, and migration patterns.

View guide →

SPF, DKIM, and DMARC

Email authentication alignment, DNS records, header analysis, and DMARC progression.

View guide →

Defender for Office 365

Anti-phishing policies, safe attachments, safe links, and impersonation protection.

View guide →

Tenant Security Flow

How M365 security layers protect your tenant:

Identity
Entra ID Conditional Access MFA
Email
SPF / DKIM / DMARC Defender Policies
Tenant
Sharing Controls Audit Logging
Endpoints
Intune Group Policy