As we begin to move into the modern desktop environment from Microsoft, we will be relying heavily on Microsoft 365 Business for our customers baseline subscription. The process can get redundant if you are implementing many of the same practices across your customer base. We need our processes to be as automated as possible to save us time and reduce human error. For this reason I create a powershell run book that configures an entire M365 environment in a single command. This runbook was meant for theĀ M365 Business skuĀ but it can be customized to meet the requirements of what you want as a template
What the runbook creates
All users and groups with assigned licenses added
MFA for all users
.
Encryption Rules Set up to auto-apply for DLP
Azure Information Protection label for encryption of documents and emails
.
Advanced Threat Protection policies set up for safe links and safe attachments
Microsoft Authenticator pushed out as a required App for iOS and Android devices
A device compliance policy for iOS, Android, and Windows
A device configuration policy for Windows Devices to have BitLocker
.
Terms and Conditions for when users enroll
Office 365 Business pushed out as a required App to window 10 devices and an uninstall of existing versions of Proplus
Customize Your Runbook and Settings
Configure Individual Settings
You will be able to customize each configuration setting if you do not want to match the default settings I have selected as best practices
Add/Remove Pieces of the Runbook
Find what works best across your customer base and cut out what doesn’t. Comment below on features you would use across your customer base
