Microsoft 365 & Azure AD Setup & Administration: Complete Reference Guide
Overview
Microsoft 365 and Azure Active Directory (Azure AD) form the foundation of modern IT infrastructure. This documentation covers setup, user management, security configurations, licensing, and best practices for enterprise deployments.
Table of Contents
1. Prerequisites & Planning
2. Azure AD Initial Setup
3. User & Group Management
4. License Management
5. Security & Conditional Access
6. Multi-Factor Authentication (MFA)
7. Single Sign-On (SSO) Configuration
8. Microsoft 365 Applications Setup
9. Data Protection & Compliance
10. Monitoring & Troubleshooting
1. Prerequisites & Planning
System Requirements
Microsoft 365 business or enterprise subscription
Azure AD premium licenses (recommended)
Global Administrator rights in Azure AD
Domain name for organization
User list in CSV or Excel format
Planning Checklist
[ ] Define organizational structure (departments, teams)
[ ] Plan user naming conventions (firstname.lastname@domain.com)
[ ] Establish group naming standards
[ ] Identify security requirements
[ ] Plan for MFA rollout
[ ] Create backup admin accounts
[ ] Document change management process
2. Azure AD Initial Setup
Step 1: Verify Domain Ownership
1. Navigate to Azure Portal (portal.azure.com)
2. Go to Azure Active Directory > Custom domain names
3. Click "Add custom domain"
4. Enter your domain (e.g., company.com)
5. Verify ownership via a DNS TXT record
6. Complete verification
Step 2: Configure Directory Settings
Security Settings:
Set password expiration (90 days)
Configure password complexity requirements
Set lockout policies (5 attempts, 30-minute lockout)
Enable deleted user recovery (30 days)
Collaboration Settings:
Enable guest user invitations
Set guest user restrictions
Configure B2B collaboration
Enable external email domains
Step 3: Create Organization Units (OUs)
Proposed Structure:
- Users
  - Sales Team
  - IT Department
  - HR Department
  - Finance Department
- Groups
  - Distribution Lists
  - Security Groups
  - Dynamic Groups
3. User & Group Management
Adding Users Manually
Steps:
1. Azure AD > Users > New user
2. Enter:
   - Name: (First Last)
   - User principal name: firstname.lastname@domain.com
   - Password: (Auto-generated or custom)
3. Assign roles (User, Admin)
4. Click Create
Bulk Import Users
CSV File Format:
Name,Email,Location,Department,Job Title
John Smith,john.smith@company.com,NYC,Sales,Manager
Jane Doe,jane.doe@company.com,LA,Marketing,Specialist
Steps:
Azure AD > Bulk operations > Bulk import
Download template CSV
Fill in user data
Upload file
Monitor import status
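A pre-upload check for the import file, added here as an example (not part of the original guide): it validates each row against the column layout above, the firstname.lastname naming convention from the planning checklist, and the verified custom domain. The function names and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample in the column layout shown above; rows 3-5 contain deliberate errors.
SAMPLE_CSV = """Name,Email,Location,Department,Job Title
John Smith,john.smith@company.com,NYC,Sales,Manager
Jane Doe,jdoe@company.com,LA,Marketing,Specialist
Ann Lee,ann.lee@gmail.com,LA,,Analyst
John Smith,john.smith@company.com,NYC,Sales,Manager
"""

REQUIRED = ["Name", "Email", "Location", "Department", "Job Title"]


def expected_upn(name, domain):
    """firstname.lastname@domain, the convention from the planning checklist."""
    parts = re.sub(r"[^a-z\s-]", "", name.lower()).split()
    return f"{parts[0]}.{parts[-1]}@{domain}" if len(parts) >= 2 else None


def validate_import(csv_text, verified_domain):
    """Return a list of (row_number, problem) tuples; an empty list means clean."""
    problems, seen = [], set()
    reader = csv.DictReader(io.StringIO(csv_text))
    missing_cols = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing_cols:
        return [(1, f"missing columns: {', '.join(missing_cols)}")]
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        email = (row["Email"] or "").strip().lower()
        for col in REQUIRED:
            if not (row[col] or "").strip():
                problems.append((row_no, f"empty {col}"))
        if not email.endswith("@" + verified_domain):
            problems.append((row_no, "domain is not the verified custom domain"))
        elif email != expected_upn(row["Name"] or "", verified_domain):
            problems.append((row_no, "address breaks naming convention"))
        if email in seen:
            problems.append((row_no, "duplicate address"))
        seen.add(email)
    return problems


if __name__ == "__main__":
    for row_no, problem in validate_import(SAMPLE_CSV, "company.com"):
        print(f"row {row_no}: {problem}")
```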
Creating Groups
Types:
Security Groups: Access to resources
Distribution Groups: Email distribution
Dynamic Groups: Auto-populated via rules
Example Dynamic Group Rule:
(user.department -eq "Sales") -or (user.department -eq "Marketing")
4. License Management
Assigning Licenses
Methods:
Direct Assignment:
Azure AD > Users > Select user
Licenses > Assign
Select Microsoft 365 plan
Click Assign
Group-Based Licensing:
Create security group
Assign license to group
Add users to group
License auto-applied
License SKUs
| SKU | Includes | Best For |
| --- | --- | --- |
| Office 365 E1 | Teams, Outlook, Word Online | Basic users |
| Office 365 E3 | Desktop apps, OneDrive 1TB, Teams | Standard users |
| Office 365 E5 | All E3 + Compliance, Analytics | Enterprise |
5. Security & Conditional Access
Conditional Access Policy Template
Purpose: Block access from risky locations
Policy Settings:
- Assignments: All users
- Cloud apps: Microsoft 365 apps
- Conditions:
  - Sign-in risk: Medium, High
  - Location: Non-trusted locations
- Access controls: Require MFA
Steps:
Azure AD > Security > Conditional Access
New policy > Create from scratch
Configure conditions
Set grant/block controls
Enable policy
6. Multi-Factor Authentication (MFA)
Enabling MFA for All Users
Option 1: Per-User MFA
1. Azure AD > Users > Select user
2. Multi-factor authentication
3. Check box next to user
4. Enable
5. User sets up MFA on next login
Option 2: Conditional Access (Recommended)
Create policy:
- All users
- All cloud apps
- Grant: Require MFA
- Enable: ON
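The section 5 template and the Option 2 policy above, written as Microsoft Graph conditionalAccessPolicy request bodies and run through a small pre-deployment check. This is an added example, not part of the original guide: `lint_policy` and the break-glass object ID are hypothetical, and excluding the backup admin accounts from the planning checklist is an assumption based on Microsoft's emergency-access guidance.

```python
# Request bodies in the Microsoft Graph conditionalAccessPolicy shape.
BREAK_GLASS = {"00000000-0000-0000-0000-0000000000aa"}  # placeholder object ID

RISKY_LOCATION_POLICY = {  # section 5 template
    "displayName": "Require MFA: risky sign-in from untrusted location",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": []},
        "applications": {"includeApplications": ["Office365"]},
        "signInRiskLevels": ["medium", "high"],
        "locations": {"includeLocations": ["All"],
                      "excludeLocations": ["AllTrusted"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

MFA_ALL_USERS_POLICY = {  # section 6, Option 2
    "displayName": "Require MFA: all users, all cloud apps",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": sorted(BREAK_GLASS)},
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}


def lint_policy(policy, break_glass_ids):
    """Return findings for one policy; an empty list means none."""
    findings = []
    cond = policy.get("conditions", {})
    users = cond.get("users", {})
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])
    if policy.get("state") != "enabled":
        findings.append("policy is not enabled, so nothing is enforced")
    if not {"mfa", "block"} & set(controls):
        findings.append("grant controls neither require MFA nor block")
    excluded = set(users.get("excludeUsers", []))
    if "All" in users.get("includeUsers", []) and not (break_glass_ids <= excluded):
        findings.append("backup admin accounts are not excluded (lockout risk)")
    # Conditions inside one policy are ANDed, so each one narrows its coverage.
    narrowing = [k for k in ("signInRiskLevels", "locations", "platforms") if cond.get(k)]
    if narrowing:
        findings.append("applies only when ALL of these match: " + ", ".join(narrowing))
    return findings
```

The second finding on the section 5 template is why it does not replace Option 2: a medium-risk sign-in from a trusted location passes without an MFA prompt.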
MFA Methods Supported
Authenticator app (Microsoft, Google)
SMS verification
Phone call
Hardware token (FIDO2)
7. Single Sign-On (SSO) Configuration
SAML-Based SSO Setup
Steps:
Add application from gallery
Download SAML certificate
Configure IdP in application
Test SSO connection
Assign users to application
OAuth 2.0 Configuration
Parameters:
Client ID: (from app)
Client Secret: (from app)
Authorization endpoint: (app-specific)
Token endpoint: (app-specific)
8. Microsoft 365 Applications Setup
Teams Configuration
Admin Center Steps:
Org-wide settings > Teams settings
Configure:
Guest access (on/off)
Guest calling
External meeting settings
Recording settings
SharePoint Online Setup
1. admin.microsoft.com > SharePoint
2. Create team site
3. Configure permissions
4. Enable document library
5. Set retention policies
OneDrive for Business
Setup:
Auto-enabled for all users
1TB storage per user (E3+)
Sync client available
Version history: 93 days
9. Data Protection & Compliance
Information Protection
Labels:
Public: No restrictions
Internal: Organization only
Confidential: Limited distribution
Restricted: Executives only
Data Loss Prevention (DLP)
Policy Example:
Detect: Credit card numbers
Location: Exchange, Teams, SharePoint
Action: Notify user, block action
10. Monitoring & Troubleshooting
Key Dashboards
Sign-in Activity:
Azure AD > Sign-in logs
Filter by user/app
Identify failed attempts
Audit Logs:
Track user creation/deletion
License changes
Permission modifications
Microsoft 365 Admin Center:
Health status
User activity
Storage usage
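To make "identify failed attempts" concrete, the following added example (not part of the original guide) triages exported sign-in records using the lockout values from section 2: 5 failures per user inside a 30-minute window. It also flags a single IP address failing against several accounts. The records are constructed, use field names from the Graph signIn resource, and the `users_per_ip` threshold is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _rec(minute, upn, ip, code):
    """Build one constructed record (real exports may carry fractional seconds)."""
    return {"createdDateTime": f"2024-05-01T09:{minute:02d}:00Z",
            "userPrincipalName": upn, "ipAddress": ip,
            "status": {"errorCode": code}}


# Constructed sample: 50126 is "invalid username or password", 0 is success.
SAMPLE = (
    [_rec(m, "john.smith@company.com", "198.51.100.7", 50126) for m in range(5)]
    + [_rec(10 + i, f"user{i}@company.com", "203.0.113.9", 50126) for i in range(4)]
    + [_rec(20, "jane.doe@company.com", "192.0.2.4", 0)]
)


def triage(records, per_user=5, users_per_ip=3, window=timedelta(minutes=30)):
    """Return (users at the lockout threshold, IPs failing against many users)."""
    by_user, by_ip = defaultdict(list), defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] == 0:  # successful sign-in, skip
            continue
        t = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        by_user[r["userPrincipalName"]].append(t)
        by_ip[r["ipAddress"]].append((t, r["userPrincipalName"]))
    hot_users = set()
    for upn, times in by_user.items():
        times.sort()
        # any run of `per_user` consecutive failures that fits inside the window
        if any(times[i + per_user - 1] - times[i] <= window
               for i in range(len(times) - per_user + 1)):
            hot_users.add(upn)
    hot_ips = set()
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= users_per_ip:  # one source, many distinct accounts
                hot_ips.add(ip)
                break
    return sorted(hot_users), sorted(hot_ips)


if __name__ == "__main__":
    print(triage(SAMPLE))
```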
Common Issues & Solutions
Issue: User cannot sign in
Check Azure AD status (enabled/disabled)
Verify password policy compliance
Test with alternative device
Check conditional access policies
Issue: License not applied
Verify license availability
Check user location setting
Remove and reassign license
Wait 24 hours for sync
Issue: MFA not triggering
Verify conditional access policy
Check MFA status in Azure AD
Test with incognito browser
Clear Authenticator app cache
Best Practices
✅ Governance:
Use role-based access control (RBAC)
Implement principle of least privilege
Audit admin accounts quarterly
Require MFA for all admins
✅ Security:
Enable Azure AD Identity Protection
Use passwordless authentication
Implement Conditional Access
Monitor sign-in logs regularly
✅ Maintenance:
Archive inactive users (90+ days)
Review group memberships quarterly
Update retention policies annually
Backup critical settings
Resources
Microsoft 365 Admin Center: https://admin.microsoft.com
Azure Portal: https://portal.azure.com
Microsoft Documentation: https://docs.microsoft.com/microsoft-365
Azure AD Support: https://support.microsoft.com/azure-ad
For enterprise deployments, consult Microsoft Solutions Partner or engage Microsoft Consulting Services.