ms365-tenant-manager
Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators
Best use case
ms365-tenant-manager is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators
Teams using ms365-tenant-manager should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/ms365-tenant-manager/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How ms365-tenant-manager Compares
| Feature / Agent | ms365-tenant-manager | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Microsoft 365 Tenant Manager This skill provides expert guidance and automation for Microsoft 365 Global Administrators managing tenant setup, configuration, user lifecycle, security policies, and organizational optimization. ## Capabilities - **Tenant Setup & Configuration**: Initial tenant setup, domain configuration, DNS records, service provisioning - **User & Group Management**: User lifecycle (create, modify, disable, delete), group creation, license assignment - **Security & Compliance**: Conditional Access policies, MFA setup, DLP policies, retention policies, security baselines - **SharePoint & OneDrive**: Site provisioning, permissions management, storage quotas, sharing policies - **Teams Administration**: Team creation, policy management, guest access, compliance settings - **Exchange Online**: Mailbox management, distribution groups, mail flow rules, anti-spam/malware policies - **License Management**: License allocation, optimization, cost analysis, usage reporting - **Reporting & Auditing**: Activity reports, audit logs, compliance reporting, usage analytics - **Automation Scripts**: PowerShell script generation for bulk operations and recurring tasks - **Best Practices**: Microsoft recommended configurations, security hardening, governance frameworks ## Input Requirements Tenant management tasks require: - **Action type**: setup, configure, create, modify, delete, report, audit - **Resource details**: User info, group names, policy settings, service configurations - **Organizational context**: Company size, industry, compliance requirements (GDPR, HIPAA, etc.) - **Current state**: Existing configurations, licenses, user count - **Desired outcome**: Specific goals, requirements, or changes needed Formats accepted: - Text descriptions of administrative tasks - JSON with structured configuration data - CSV for bulk user/group operations - Existing PowerShell scripts to review or modify ## Output Formats Results include: - **Step-by-step instructions**: Detailed guidance for manual configuration via Admin Center - **PowerShell scripts**: Ready-to-use scripts for automation (with safety checks) - **Configuration recommendations**: Security and governance best practices - **Validation checklists**: Pre/post-implementation verification steps - **Documentation**: Markdown documentation of changes and configurations - **Rollback procedures**: Instructions to undo changes if needed - **Compliance reports**: Security posture and compliance status ## How to Use "Set up a new Microsoft 365 tenant for a 50-person company with security best practices" "Create a PowerShell script to provision 100 users from a CSV file with appropriate licenses" "Configure Conditional Access policy requiring MFA for all admin accounts" "Generate a report of all inactive users in the past 90 days" "Set up Teams policies for external collaboration with security controls" ## Scripts - `tenant_setup.py`: Initial tenant configuration and service provisioning automation - `user_management.py`: User lifecycle operations and bulk provisioning - `security_policies.py`: Security policy configuration and compliance checks - `reporting.py`: Analytics, audit logs, and compliance reporting - `powershell_generator.py`: Generates PowerShell scripts for Microsoft Graph API and admin modules ## Best Practices ### Tenant Setup 1. **Enable MFA first** - Before adding users, enforce multi-factor authentication 2. **Configure named locations** - Define trusted IP ranges for Conditional Access 3. **Set up privileged access** - Use separate admin accounts, enable PIM (Privileged Identity Management) 4. **Domain verification** - Add and verify custom domains before bulk user creation 5. **Baseline security** - Apply Microsoft Secure Score recommendations immediately ### User Management 1. **License assignment** - Use group-based licensing for scalability 2. **Naming conventions** - Establish consistent user principal names (UPNs) and display names 3. **Lifecycle management** - Implement automated onboarding/offboarding workflows 4. **Guest access** - Enable only when necessary, set expiration policies 5. **Shared mailboxes** - Use for department emails instead of assigning licenses ### Security & Compliance 1. **Zero Trust approach** - Verify explicitly, use least privilege access, assume breach 2. **Conditional Access** - Start with report-only mode, then enforce gradually 3. **Data Loss Prevention** - Define sensitive information types, test policies before enforcement 4. **Retention policies** - Balance compliance requirements with storage costs 5. **Regular audits** - Review permissions, licenses, and security settings quarterly ### SharePoint & Teams 1. **Site provisioning** - Use templates and governance policies 2. **External sharing** - Restrict to specific domains, require authentication 3. **Storage management** - Set quotas, enable auto-cleanup of old content 4. **Teams templates** - Create standardized team structures for consistency 5. **Guest lifecycle** - Set expiration and regular recertification ### PowerShell Automation 1. **Use Microsoft Graph** - Prefer Graph API over legacy MSOnline modules 2. **Error handling** - Include try/catch blocks and validation checks 3. **Dry-run mode** - Test scripts with -WhatIf before executing 4. **Logging** - Capture all operations for audit trails 5. **Credential management** - Use Azure Key Vault or managed identities, never hardcode ## Common Tasks ### Initial Tenant Setup - Configure company branding - Add and verify custom domains - Set up DNS records (MX, SPF, DKIM, DMARC) - Enable required services (Teams, SharePoint, Exchange) - Create organizational structure (departments, locations) - Set default user settings and policies ### User Onboarding - Create user accounts (single or bulk) - Assign appropriate licenses - Add to security and distribution groups - Configure mailbox and OneDrive - Set up multi-factor authentication - Provision Teams access ### Security Hardening - Enable Security Defaults or Conditional Access - Configure MFA enforcement - Set up admin role assignments - Enable audit logging - Configure anti-phishing policies - Set up DLP and retention policies ### Reporting & Monitoring - Active users and license utilization - Security incidents and alerts - Mailbox usage and storage - SharePoint site activity - Teams usage and adoption - Compliance and audit logs ## Limitations - **Permissions required**: Global Administrator or specific role-based permissions - **API rate limits**: Microsoft Graph API has throttling limits for bulk operations - **License dependencies**: Some features require specific license tiers (E3, E5) - **Delegation constraints**: Some tasks cannot be delegated to service principals - **Regional variations**: Compliance features may vary by geographic region - **Hybrid scenarios**: On-premises Active Directory integration requires additional configuration - **Third-party integrations**: External apps may require separate authentication and permissions - **PowerShell prerequisites**: Requires appropriate modules installed (Microsoft.Graph, ExchangeOnlineManagement, etc.) ## Security Considerations ### Authentication - Never store credentials in scripts or configuration files - Use Azure Key Vault for credential management - Implement certificate-based authentication for automation - Enable Conditional Access for admin accounts - Use Privileged Identity Management (PIM) for JIT access ### Authorization - Follow principle of least privilege - Use custom admin roles instead of Global Admin when possible - Regularly review and audit admin role assignments - Enable PIM for temporary elevated access - Separate user accounts from admin accounts ### Compliance - Enable audit logging for all activities - Retain logs according to compliance requirements - Configure data residency for regulated industries - Implement information barriers where needed - Regular compliance assessments and reporting ## PowerShell Modules Required To execute generated scripts, ensure these modules are installed: - `Microsoft.Graph` (recommended, modern Graph API) - `ExchangeOnlineManagement` (Exchange Online management) - `MicrosoftTeams` (Teams administration) - `SharePointPnPPowerShellOnline` (SharePoint management) - `AzureAD` or `AzureADPreview` (Azure AD management - being deprecated) - `MSOnline` (Legacy, being deprecated - avoid when possible) ## Updates & Maintenance - Microsoft 365 features and APIs evolve rapidly - Review Microsoft 365 Roadmap regularly for upcoming changes - Test scripts in non-production tenant before production deployment - Subscribe to Microsoft 365 Admin Center message center for updates - Keep PowerShell modules updated to latest versions - Regular security baseline reviews (quarterly recommended) ## Helpful Resources - **Microsoft 365 Admin Center**: https://admin.microsoft.com - **Microsoft Graph Explorer**: https://developer.microsoft.com/graph/graph-explorer - **PowerShell Gallery**: https://www.powershellgallery.com - **Microsoft Secure Score**: Security posture assessment in Admin Center - **Microsoft 365 Compliance Center**: https://compliance.microsoft.com - **Azure AD Conditional Access**: Identity and access management policies
Related Skills
tech-stack-evaluator
Comprehensive technology stack evaluation and comparison tool with TCO analysis, security assessment, and intelligent recommendations for engineering teams
tdd-guide
Comprehensive Test Driven Development guide for engineering subagents with multi-framework support, coverage analysis, and intelligent test generation
social-media-analyzer
Analyzes social media campaign performance across platforms with engagement metrics, ROI calculations, and audience insights for data-driven marketing decisions
slash-command-factory
Generate custom Claude Code slash commands through intelligent 5-7 question flow. Creates powerful commands for business research, content analysis, healthcare compliance, API integration, documentation automation, and workflow optimization. Outputs organized commands to generated-commands/ with validation and installation guidance.
scrum-master-agent
Comprehensive Scrum Master assistant for sprint planning, backlog grooming, retrospectives, capacity planning, and daily standups with intelligent context-aware reporting
prompt-factory
World-class prompt powerhouse that generates production-ready mega-prompts for any role, industry, and task through intelligent 7-question flow, 69 comprehensive presets across 15 professional domains (technical, business, creative, legal, finance, HR, design, customer, executive, manufacturing, R&D, regulatory, specialized-technical, research, creative-media), multiple output formats (XML/Claude/ChatGPT/Gemini), quality validation gates, and contextual best practices from OpenAI/Anthropic/Google. Supports both core and advanced modes with testing scenarios and prompt variations.
hook-factory
Generate production-ready Claude Code hooks with interactive Q&A, automated installation, and enhanced validation. Supports 10 templates across 7 event types for comprehensive workflow automation.
content-trend-researcher
Advanced content and topic research skill that analyzes trends across Google Analytics, Google Trends, Substack, Medium, Reddit, LinkedIn, X, blogs, podcasts, and YouTube to generate data-driven article outlines based on user intent analysis
codex-cli-bridge
Bridge between Claude Code and OpenAI Codex CLI - generates AGENTS.md from CLAUDE.md, provides Codex CLI execution helpers, and enables seamless interoperability between both tools
claude-md-enhancer
Analyzes, generates, and enhances CLAUDE.md files for any project type using best practices, modular architecture support, and tech stack customization. Use when setting up new projects, improving existing CLAUDE.md files, or establishing AI-assisted development standards.
aws-solution-architect
Expert AWS solution architecture for startups focusing on serverless, scalable, and cost-effective cloud infrastructure with modern DevOps practices and infrastructure-as-code
app-store-optimization
Complete App Store Optimization (ASO) toolkit for researching, optimizing, and tracking mobile app performance on Apple App Store and Google Play Store