Claude Code Plugins

Community-maintained marketplace

Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators

Install Skill

  1. Download skill
  2. Enable skills in Claude - Open claude.ai/settings/capabilities and find the "Skills" section
  3. Upload to Claude - Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name: ms365-tenant-manager
description: Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators

Microsoft 365 Tenant Manager

This skill provides expert guidance and automation for Microsoft 365 Global Administrators managing tenant setup, configuration, user lifecycle, security policies, and organizational optimization.

Capabilities

  • Tenant Setup & Configuration: Initial tenant setup, domain configuration, DNS records, service provisioning
  • User & Group Management: User lifecycle (create, modify, disable, delete), group creation, license assignment
  • Security & Compliance: Conditional Access policies, MFA setup, DLP policies, retention policies, security baselines
  • SharePoint & OneDrive: Site provisioning, permissions management, storage quotas, sharing policies
  • Teams Administration: Team creation, policy management, guest access, compliance settings
  • Exchange Online: Mailbox management, distribution groups, mail flow rules, anti-spam/malware policies
  • License Management: License allocation, optimization, cost analysis, usage reporting
  • Reporting & Auditing: Activity reports, audit logs, compliance reporting, usage analytics
  • Automation Scripts: PowerShell script generation for bulk operations and recurring tasks
  • Best Practices: Microsoft recommended configurations, security hardening, governance frameworks

Input Requirements

Tenant management tasks require:

  • Action type: setup, configure, create, modify, delete, report, audit
  • Resource details: User info, group names, policy settings, service configurations
  • Organizational context: Company size, industry, compliance requirements (GDPR, HIPAA, etc.)
  • Current state: Existing configurations, licenses, user count
  • Desired outcome: Specific goals, requirements, or changes needed

Formats accepted:

  • Text descriptions of administrative tasks
  • JSON with structured configuration data
  • CSV for bulk user/group operations
  • Existing PowerShell scripts to review or modify

Output Formats

Results include:

  • Step-by-step instructions: Detailed guidance for manual configuration via Admin Center
  • PowerShell scripts: Ready-to-use scripts for automation (with safety checks)
  • Configuration recommendations: Security and governance best practices
  • Validation checklists: Pre/post-implementation verification steps
  • Documentation: Markdown documentation of changes and configurations
  • Rollback procedures: Instructions to undo changes if needed
  • Compliance reports: Security posture and compliance status

How to Use

  • "Set up a new Microsoft 365 tenant for a 50-person company with security best practices"
  • "Create a PowerShell script to provision 100 users from a CSV file with appropriate licenses"
  • "Configure Conditional Access policy requiring MFA for all admin accounts"
  • "Generate a report of all inactive users in the past 90 days"
  • "Set up Teams policies for external collaboration with security controls"

Scripts

  • tenant_setup.py: Initial tenant configuration and service provisioning automation
  • user_management.py: User lifecycle operations and bulk provisioning
  • security_policies.py: Security policy configuration and compliance checks
  • reporting.py: Analytics, audit logs, and compliance reporting
  • powershell_generator.py: Generates PowerShell scripts for Microsoft Graph API and admin modules

Best Practices

Tenant Setup

  1. Enable MFA first - Before adding users, enforce multi-factor authentication
  2. Configure named locations - Define trusted IP ranges for Conditional Access
  3. Set up privileged access - Use separate admin accounts, enable PIM (Privileged Identity Management)
  4. Domain verification - Add and verify custom domains before bulk user creation
  5. Baseline security - Apply Microsoft Secure Score recommendations immediately

User Management

  1. License assignment - Use group-based licensing for scalability
  2. Naming conventions - Establish consistent user principal names (UPNs) and display names
  3. Lifecycle management - Implement automated onboarding/offboarding workflows
  4. Guest access - Enable only when necessary, set expiration policies
  5. Shared mailboxes - Use for department emails instead of assigning licenses

Security & Compliance

  1. Zero Trust approach - Verify explicitly, use least privilege access, assume breach
  2. Conditional Access - Start with report-only mode, then enforce gradually
  3. Data Loss Prevention - Define sensitive information types, test policies before enforcement
  4. Retention policies - Balance compliance requirements with storage costs
  5. Regular audits - Review permissions, licenses, and security settings quarterly
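
The report-only rollout from item 2, as an added example that is not part of the skill's own scripts. It assumes an emergency-access account exists to exclude from the policy; the policy name and the parameter names are hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns
[CmdletBinding(SupportsShouldProcess)]   # gives the script -WhatIf and -Confirm
param(
    # Object ID of an emergency-access account to exclude (assumption: one exists).
    [Parameter(Mandatory)][string]$BreakGlassUserId,
    [string]$PolicyName = 'CA-Admins-Require-MFA',   # hypothetical naming scheme
    # Built-in role template IDs; the default is Global Administrator. Add others as needed.
    [string[]]$AdminRoleTemplateIds = @('62e90394-69f5-4237-9190-012177145e10'),
    [switch]$Enforce   # switch an existing report-only policy to enabled
)

Connect-MgGraph -NoWelcome -ErrorAction Stop -Scopes @(
    'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All')

# Idempotency: look for a policy with this name before creating anything.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object DisplayName -eq $PolicyName | Select-Object -First 1

if (-not $existing) {
    # A new policy is always created in report-only state, even when -Enforce is given.
    $policy = @{
        displayName   = $PolicyName
        state         = 'enabledForReportingButNotEnforced'
        conditions    = @{
            users          = @{ includeRoles = $AdminRoleTemplateIds
                                excludeUsers = @($BreakGlassUserId) }
            applications   = @{ includeApplications = @('All') }
            clientAppTypes = @('all')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    }
    if ($PSCmdlet.ShouldProcess($PolicyName, 'Create report-only policy')) {
        New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
            Select-Object Id, DisplayName, State
    }
}
elseif ($Enforce -and $existing.State -eq 'enabledForReportingButNotEnforced') {
    # Enforcement is a separate, explicit step taken after reviewing sign-in logs.
    if ($PSCmdlet.ShouldProcess($PolicyName, 'Switch from report-only to enabled')) {
        Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $existing.Id `
            -BodyParameter @{ state = 'enabled' }
    }
}
else {
    $existing | Select-Object Id, DisplayName, State   # nothing to change; show current state
}
```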

SharePoint & Teams

  1. Site provisioning - Use templates and governance policies
  2. External sharing - Restrict to specific domains, require authentication
  3. Storage management - Set quotas, enable auto-cleanup of old content
  4. Teams templates - Create standardized team structures for consistency
  5. Guest lifecycle - Set expiration and regular recertification

PowerShell Automation

  1. Use Microsoft Graph - Prefer Graph API over legacy MSOnline modules
  2. Error handling - Include try/catch blocks and validation checks
  3. Dry-run mode - Test scripts with -WhatIf before executing
  4. Logging - Capture all operations for audit trails
  5. Credential management - Use Azure Key Vault or managed identities, never hardcode
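
The five practices above combined in one bulk-provisioning script, as an added example that is not part of the skill's own scripts. It assumes an app registration with the User.ReadWrite.All application permission and a certificate in the local store; the sample rows, log path and helper function names are constructed for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users
[CmdletBinding(SupportsShouldProcess)]   # gives the script -WhatIf and -Confirm
param(
    [Parameter(Mandatory)][string]$TenantId,
    [Parameter(Mandatory)][string]$ClientId,
    [Parameter(Mandatory)][string]$CertificateThumbprint,
    [string]$LogPath = '.\provisioning-audit.csv'   # hypothetical log path
)
# Constructed sample rows (the second is deliberately invalid); a real run would use Import-Csv.
$users = @'
DisplayName,UserPrincipalName,UsageLocation
Ana Example,ana@contoso.example,US
Ben Example,not-a-upn,GB
'@ | ConvertFrom-Csv

function Write-Audit([string]$Upn, [string]$Result, [string]$Detail) {
    # -WhatIf:$false so the audit trail is written during dry runs too.
    [pscustomobject]@{ TimeUtc = [datetime]::UtcNow.ToString('o'); Upn = $Upn
                       Result = $Result; Detail = $Detail } |
        Export-Csv -Path $LogPath -Append -NoTypeInformation -WhatIf:$false
}
function New-TempPassword {
    $bytes = [byte[]]::new(24)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    'Aa1!' + [Convert]::ToBase64String($bytes)   # fixed prefix covers complexity rules
}

# App-only, certificate-based sign-in: no password or client secret in the script.
Connect-MgGraph -TenantId $TenantId -ClientId $ClientId `
    -CertificateThumbprint $CertificateThumbprint -NoWelcome -ErrorAction Stop

foreach ($u in $users) {
    try {
        if ($u.UserPrincipalName -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            throw "UPN '$($u.UserPrincipalName)' is not in user@domain form"
        }
        if (-not $PSCmdlet.ShouldProcess($u.UserPrincipalName, 'Create user')) {
            Write-Audit $u.UserPrincipalName 'Skipped' 'Dry run or not confirmed'
            continue
        }
        $body = @{
            accountEnabled = $true; displayName = $u.DisplayName
            userPrincipalName = $u.UserPrincipalName; usageLocation = $u.UsageLocation
            mailNickname = ($u.UserPrincipalName -split '@')[0]
            passwordProfile = @{ password = (New-TempPassword); forceChangePasswordNextSignIn = $true }
        }
        $created = New-MgUser -BodyParameter $body -ErrorAction Stop
        Write-Audit $u.UserPrincipalName 'Created' $created.Id
    } catch { Write-Audit $u.UserPrincipalName 'Failed' $_.Exception.Message }
}
```

Run with -WhatIf, the script validates every row and records what it would do in the audit log without creating any accounts; the temporary password is never written to the log.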

Common Tasks

Initial Tenant Setup

  • Configure company branding
  • Add and verify custom domains
  • Set up DNS records (MX, SPF, DKIM, DMARC)
  • Enable required services (Teams, SharePoint, Exchange)
  • Create organizational structure (departments, locations)
  • Set default user settings and policies

User Onboarding

  • Create user accounts (single or bulk)
  • Assign appropriate licenses
  • Add to security and distribution groups
  • Configure mailbox and OneDrive
  • Set up multi-factor authentication
  • Provision Teams access

Security Hardening

  • Enable Security Defaults or Conditional Access
  • Configure MFA enforcement
  • Set up admin role assignments
  • Enable audit logging
  • Configure anti-phishing policies
  • Set up DLP and retention policies

Reporting & Monitoring

  • Active users and license utilization
  • Security incidents and alerts
  • Mailbox usage and storage
  • SharePoint site activity
  • Teams usage and adoption
  • Compliance and audit logs

Limitations

  • Permissions required: Global Administrator or specific role-based permissions
  • API rate limits: Microsoft Graph API has throttling limits for bulk operations
  • License dependencies: Some features require specific license tiers (E3, E5)
  • Delegation constraints: Some tasks cannot be delegated to service principals
  • Regional variations: Compliance features may vary by geographic region
  • Hybrid scenarios: On-premises Active Directory integration requires additional configuration
  • Third-party integrations: External apps may require separate authentication and permissions
  • PowerShell prerequisites: Requires appropriate modules installed (Microsoft.Graph, ExchangeOnlineManagement, etc.)

Security Considerations

Authentication

  • Never store credentials in scripts or configuration files
  • Use Azure Key Vault for credential management
  • Implement certificate-based authentication for automation
  • Enable Conditional Access for admin accounts
  • Use Privileged Identity Management (PIM) for JIT access

Authorization

  • Follow principle of least privilege
  • Use custom admin roles instead of Global Admin when possible
  • Regularly review and audit admin role assignments
  • Enable PIM for temporary elevated access
  • Separate user accounts from admin accounts

Compliance

  • Enable audit logging for all activities
  • Retain logs according to compliance requirements
  • Configure data residency for regulated industries
  • Implement information barriers where needed
  • Regular compliance assessments and reporting

PowerShell Modules Required

To execute generated scripts, ensure these modules are installed:

  • Microsoft.Graph (recommended, modern Graph API)
  • ExchangeOnlineManagement (Exchange Online management)
  • MicrosoftTeams (Teams administration)
  • SharePointPnPPowerShellOnline (SharePoint management)
  • AzureAD or AzureADPreview (Azure AD management - being deprecated)
  • MSOnline (Legacy, being deprecated - avoid when possible)

Updates & Maintenance

  • Microsoft 365 features and APIs evolve rapidly
  • Review Microsoft 365 Roadmap regularly for upcoming changes
  • Test scripts in non-production tenant before production deployment
  • Subscribe to Microsoft 365 Admin Center message center for updates
  • Keep PowerShell modules updated to latest versions
  • Regular security baseline reviews (quarterly recommended)

Helpful Resources