ms365-tenant-manager

Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators

242 stars

Best use case

ms365-tenant-manager is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi.

Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.

Practical example

Example input

Use the "ms365-tenant-manager" skill to help with this workflow task. Context: Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators

Example output

A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.

When to use this skill

  • Use this skill when you want a reusable workflow rather than writing the same prompt again and again.

When not to use this skill

  • Do not use this when you only need a one-off answer and do not need a reusable workflow.
  • Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/ms365-tenant-manager/SKILL.md --create-dirs "https://raw.githubusercontent.com/aiskillstore/marketplace/main/skills/alirezarezvani/ms365-tenant-manager/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/ms365-tenant-manager/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How ms365-tenant-manager Compares

| Feature / Agent | ms365-tenant-manager | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Microsoft 365 Tenant Manager

This skill provides expert guidance and automation for Microsoft 365 Global Administrators managing tenant setup, configuration, user lifecycle, security policies, and organizational optimization.

## Capabilities

- **Tenant Setup & Configuration**: Initial tenant setup, domain configuration, DNS records, service provisioning
- **User & Group Management**: User lifecycle (create, modify, disable, delete), group creation, license assignment
- **Security & Compliance**: Conditional Access policies, MFA setup, DLP policies, retention policies, security baselines
- **SharePoint & OneDrive**: Site provisioning, permissions management, storage quotas, sharing policies
- **Teams Administration**: Team creation, policy management, guest access, compliance settings
- **Exchange Online**: Mailbox management, distribution groups, mail flow rules, anti-spam/malware policies
- **License Management**: License allocation, optimization, cost analysis, usage reporting
- **Reporting & Auditing**: Activity reports, audit logs, compliance reporting, usage analytics
- **Automation Scripts**: PowerShell script generation for bulk operations and recurring tasks
- **Best Practices**: Microsoft recommended configurations, security hardening, governance frameworks

## Input Requirements

Tenant management tasks require:
- **Action type**: setup, configure, create, modify, delete, report, audit
- **Resource details**: User info, group names, policy settings, service configurations
- **Organizational context**: Company size, industry, compliance requirements (GDPR, HIPAA, etc.)
- **Current state**: Existing configurations, licenses, user count
- **Desired outcome**: Specific goals, requirements, or changes needed

Formats accepted:
- Text descriptions of administrative tasks
- JSON with structured configuration data
- CSV for bulk user/group operations
- Existing PowerShell scripts to review or modify

## Output Formats

Results include:
- **Step-by-step instructions**: Detailed guidance for manual configuration via Admin Center
- **PowerShell scripts**: Ready-to-use scripts for automation (with safety checks)
- **Configuration recommendations**: Security and governance best practices
- **Validation checklists**: Pre/post-implementation verification steps
- **Documentation**: Markdown documentation of changes and configurations
- **Rollback procedures**: Instructions to undo changes if needed
- **Compliance reports**: Security posture and compliance status

## How to Use

- "Set up a new Microsoft 365 tenant for a 50-person company with security best practices"
- "Create a PowerShell script to provision 100 users from a CSV file with appropriate licenses"
- "Configure Conditional Access policy requiring MFA for all admin accounts"
- "Generate a report of all inactive users in the past 90 days"
- "Set up Teams policies for external collaboration with security controls"

## Scripts

- `tenant_setup.py`: Initial tenant configuration and service provisioning automation
- `user_management.py`: User lifecycle operations and bulk provisioning
- `security_policies.py`: Security policy configuration and compliance checks
- `reporting.py`: Analytics, audit logs, and compliance reporting
- `powershell_generator.py`: Generates PowerShell scripts for Microsoft Graph API and admin modules

## Best Practices

### Tenant Setup
1. **Enable MFA first** - Before adding users, enforce multi-factor authentication
2. **Configure named locations** - Define trusted IP ranges for Conditional Access
3. **Set up privileged access** - Use separate admin accounts, enable PIM (Privileged Identity Management)
4. **Domain verification** - Add and verify custom domains before bulk user creation
5. **Baseline security** - Apply Microsoft Secure Score recommendations immediately

### User Management
1. **License assignment** - Use group-based licensing for scalability
2. **Naming conventions** - Establish consistent user principal names (UPNs) and display names
3. **Lifecycle management** - Implement automated onboarding/offboarding workflows
4. **Guest access** - Enable only when necessary, set expiration policies
5. **Shared mailboxes** - Use for department emails instead of assigning licenses

### Security & Compliance
1. **Zero Trust approach** - Verify explicitly, use least privilege access, assume breach
2. **Conditional Access** - Start with report-only mode, then enforce gradually
3. **Data Loss Prevention** - Define sensitive information types, test policies before enforcement
4. **Retention policies** - Balance compliance requirements with storage costs
5. **Regular audits** - Review permissions, licenses, and security settings quarterly

### SharePoint & Teams
1. **Site provisioning** - Use templates and governance policies
2. **External sharing** - Restrict to specific domains, require authentication
3. **Storage management** - Set quotas, enable auto-cleanup of old content
4. **Teams templates** - Create standardized team structures for consistency
5. **Guest lifecycle** - Set expiration and regular recertification

### PowerShell Automation
1. **Use Microsoft Graph** - Prefer Graph API over legacy MSOnline modules
2. **Error handling** - Include try/catch blocks and validation checks
3. **Dry-run mode** - Test scripts with -WhatIf before executing
4. **Logging** - Capture all operations for audit trails
5. **Credential management** - Use Azure Key Vault or managed identities, never hardcode
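
The Conditional Access advice above (start in report-only mode) and these five automation practices fit together in a single script. The following is an added example, not one of the skill's own scripts: the function name, parameters, and log path are hypothetical. It assumes an app registration with a certificate credential and Graph permission to manage Conditional Access policies.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns

function New-AdminMfaReportOnlyPolicy {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]   $TenantId,
        [Parameter(Mandatory)] [string]   $ClientId,              # automation app registration (assumed)
        [Parameter(Mandatory)] [string]   $CertificateThumbprint, # cert in the local store, no secret in the script
        [Parameter(Mandatory)] [string[]] $BreakGlassUserId,      # emergency-access account object IDs (assumed)
        [string] $LogPath = '.\ca-policy-changes.log'             # hypothetical audit log location
    )

    $policy = @{
        displayName   = 'Require MFA for Global Administrators (report-only)'
        # Report-only: evaluated and recorded in sign-in logs, not enforced.
        state         = 'enabledForReportingButNotEnforced'
        conditions    = @{
            clientAppTypes = @('all')
            applications   = @{ includeApplications = @('All') }
            users          = @{
                # Role template ID of the built-in Global Administrator role.
                includeRoles = @('62e90394-69f5-4237-9190-012177145e10')
                excludeUsers = $BreakGlassUserId
            }
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    }

    try {
        Connect-MgGraph -TenantId $TenantId -ClientId $ClientId `
            -CertificateThumbprint $CertificateThumbprint -ErrorAction Stop | Out-Null
        # Idempotency check: do not create a second policy with the same name.
        $existing = Get-MgIdentityConditionalAccessPolicy -All -ErrorAction Stop |
            Where-Object DisplayName -eq $policy.displayName
        if ($existing) {
            Write-Warning "Policy already exists (Id $($existing.Id)); nothing created."
            return $existing
        }
        # -WhatIf stops here: the tenant is read but never modified.
        if ($PSCmdlet.ShouldProcess($TenantId, "Create '$($policy.displayName)'")) {
            $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy -ErrorAction Stop
            "{0:o} CREATED {1} state={2}" -f (Get-Date), $created.Id, $created.State |
                Add-Content -Path $LogPath
            return $created
        }
    }
    catch {
        "{0:o} FAILED {1}" -f (Get-Date), $_.Exception.Message | Add-Content -Path $LogPath
        throw
    }
    finally {
        if (Get-MgContext) { Disconnect-MgGraph | Out-Null }
    }
}
```

Run it with `-WhatIf` first. Review the report-only results in the sign-in logs before changing `state` to `enabled`.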

## Common Tasks

### Initial Tenant Setup
- Configure company branding
- Add and verify custom domains
- Set up DNS records (MX, SPF, DKIM, DMARC)
- Enable required services (Teams, SharePoint, Exchange)
- Create organizational structure (departments, locations)
- Set default user settings and policies

### User Onboarding
- Create user accounts (single or bulk)
- Assign appropriate licenses
- Add to security and distribution groups
- Configure mailbox and OneDrive
- Set up multi-factor authentication
- Provision Teams access

### Security Hardening
- Enable Security Defaults or Conditional Access
- Configure MFA enforcement
- Set up admin role assignments
- Enable audit logging
- Configure anti-phishing policies
- Set up DLP and retention policies

### Reporting & Monitoring
- Active users and license utilization
- Security incidents and alerts
- Mailbox usage and storage
- SharePoint site activity
- Teams usage and adoption
- Compliance and audit logs

## Limitations

- **Permissions required**: Global Administrator or specific role-based permissions
- **API rate limits**: Microsoft Graph API has throttling limits for bulk operations
- **License dependencies**: Some features require specific license tiers (E3, E5)
- **Delegation constraints**: Some tasks cannot be delegated to service principals
- **Regional variations**: Compliance features may vary by geographic region
- **Hybrid scenarios**: On-premises Active Directory integration requires additional configuration
- **Third-party integrations**: External apps may require separate authentication and permissions
- **PowerShell prerequisites**: Requires appropriate modules installed (Microsoft.Graph, ExchangeOnlineManagement, etc.)

## Security Considerations

### Authentication
- Never store credentials in scripts or configuration files
- Use Azure Key Vault for credential management
- Implement certificate-based authentication for automation
- Enable Conditional Access for admin accounts
- Use Privileged Identity Management (PIM) for JIT access

### Authorization
- Follow principle of least privilege
- Use custom admin roles instead of Global Admin when possible
- Regularly review and audit admin role assignments
- Enable PIM for temporary elevated access
- Separate user accounts from admin accounts

### Compliance
- Enable audit logging for all activities
- Retain logs according to compliance requirements
- Configure data residency for regulated industries
- Implement information barriers where needed
- Regular compliance assessments and reporting

## PowerShell Modules Required

To execute generated scripts, ensure these modules are installed:
- `Microsoft.Graph` (recommended, modern Graph API)
- `ExchangeOnlineManagement` (Exchange Online management)
- `MicrosoftTeams` (Teams administration)
- `SharePointPnPPowerShellOnline` (SharePoint management)
- `AzureAD` or `AzureADPreview` (Azure AD management - being deprecated)
- `MSOnline` (Legacy, being deprecated - avoid when possible)

## Updates & Maintenance

- Microsoft 365 features and APIs evolve rapidly
- Review Microsoft 365 Roadmap regularly for upcoming changes
- Test scripts in non-production tenant before production deployment
- Subscribe to Microsoft 365 Admin Center message center for updates
- Keep PowerShell modules updated to latest versions
- Regular security baseline reviews (quarterly recommended)

## Helpful Resources

- **Microsoft 365 Admin Center**: https://admin.microsoft.com
- **Microsoft Graph Explorer**: https://developer.microsoft.com/graph/graph-explorer
- **PowerShell Gallery**: https://www.powershellgallery.com
- **Microsoft Secure Score**: Security posture assessment in Admin Center
- **Microsoft 365 Compliance Center**: https://compliance.microsoft.com
- **Azure AD Conditional Access**: Identity and access management policies
