Ms365 Tenant Manager
Administer Microsoft 365 tenants with automated management and integration
Category: productivity Source: alirezarezvani/claude-skills
MS365 Tenant Manager is an AI skill that provides guidance for administering and configuring Microsoft 365 tenant environments. It covers user and license management, security policy configuration, compliance settings, Exchange Online administration, SharePoint and Teams governance, and PowerShell automation that maintain secure, well-organized M365 tenants.
What Is This?
Overview
MS365 Tenant Manager delivers structured administration workflows for Microsoft 365 environments. It addresses user lifecycle management, including provisioning, licensing, and offboarding; security configuration covering conditional access, MFA enforcement, and threat protection policies; compliance settings for data loss prevention, retention policies, and eDiscovery; Exchange Online administration, including mail flow rules, shared mailboxes, and distribution groups; SharePoint Online and OneDrive governance, including sharing policies and site management; and PowerShell automation using Microsoft Graph and Exchange Online modules for bulk operations. The skill also supports hybrid configurations where on-premises Active Directory synchronizes with Azure AD through Entra Connect.
Who Should Use This
This skill serves IT administrators managing Microsoft 365 environments, security teams configuring tenant-level protection policies, compliance officers implementing data governance in M365, and DevOps engineers automating M365 administration tasks. Organizations of any size benefit, from small businesses establishing initial tenant configurations to enterprises managing thousands of licensed users across multiple geographic regions.
Why Use It?
Problems It Solves
M365 tenants require ongoing management across multiple admin centers with different interfaces and capabilities. Manual user provisioning and offboarding is error-prone, leading to orphaned accounts and license waste. Security configurations across identity, email, and collaboration services need coordinated setup. Without automation, repetitive administrative tasks consume excessive IT staff time and introduce inconsistencies that create security gaps over time.
Core Highlights
The skill provides PowerShell scripts for common bulk operations that save hours of manual admin center work. Security configuration follows Microsoft's recommended baseline policies. Compliance settings address common regulatory requirements including HIPAA, GDPR, and SOC 2 frameworks. Automated reporting tracks license utilization and security posture, giving administrators clear visibility into tenant health.
How to Use It?
Basic Usage
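# Sign in to Microsoft Graph with the scopes needed to create users and assign licenses
Connect-MgGraph -Scopes "User.ReadWrite.All","Directory.ReadWrite.All"
Connect-ExchangeOnline

# Assumes new_users.csv has the columns DisplayName, UPN, Alias, LicenseSkuId and
# UsageLocation (two-letter country code); licensing fails without a usage location
$users = Import-Csv "new_users.csv"
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
foreach ($user in $users) {
    # Temporary password from a CSPRNG rather than a GUID prefix; the "!A1" suffix
    # satisfies complexity rules and the user must change it at first sign-in
    $bytes = [byte[]]::new(18)
    $rng.GetBytes($bytes)
    $passwordProfile = @{
        Password = [Convert]::ToBase64String($bytes) + "!A1"
        ForceChangePasswordNextSignIn = $true
    }
    New-MgUser -DisplayName $user.DisplayName `
        -UserPrincipalName $user.UPN `
        -MailNickname $user.Alias `
        -PasswordProfile $passwordProfile `
        -UsageLocation $user.UsageLocation `
        -AccountEnabled:$true
    # -AddLicenses takes an array of license objects
    Set-MgUserLicense -UserId $user.UPN `
        -AddLicenses @(@{SkuId = $user.LicenseSkuId}) `
        -RemoveLicenses @()
    Write-Host "Created: $($user.DisplayName)"
}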
Real-World Examples
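# Conditional access policy requiring MFA for all users and applications.
# The state below is report-only: sign-ins are evaluated and logged, not blocked.
# Before switching to enforcement, exclude emergency access (break-glass) accounts
# so a misconfiguration cannot lock every administrator out.
$policy = @{
    DisplayName = "Require MFA for all users"
    State = "enabledForReportingButNotEnforced"
    Conditions = @{
        Users = @{ IncludeUsers = @("All") }
        Applications = @{ IncludeApplications = @("All") }
    }
    GrantControls = @{
        BuiltInControls = @("mfa")
        Operator = "OR"
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# License utilization report: consumed versus purchased seats per SKU
$subscriptions = Get-MgSubscribedSku
foreach ($sub in $subscriptions) {
    $total = $sub.PrepaidUnits.Enabled
    $consumed = $sub.ConsumedUnits
    $available = $total - $consumed
    Write-Host "$($sub.SkuPartNumber): $consumed/$total used ($available available)"
}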
Advanced Tips
Use report-only mode for conditional access policies to evaluate impact before enforcement. Implement scheduled PowerShell scripts that audit stale accounts and unused licenses monthly. Create templated configurations for different user types (standard, admin, contractor) to ensure consistent provisioning. Store reusable configuration templates in a version-controlled repository so changes are tracked and rollback is straightforward when policy updates cause unintended access issues.
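The monthly stale-account and unused-license audit suggested above could look like the following. This is an added example, not part of the original skill; the 90-day threshold, the function name Get-StaleLicensedUser and the output file name are assumptions.

```powershell
# Added example (not from the original skill): read-only audit of stale licensed
# accounts. Assumed: 90-day threshold, hypothetical function and file names.
# signInActivity needs the AuditLog.Read.All scope and Entra ID P1 or P2.
Connect-MgGraph -Scopes "User.Read.All","AuditLog.Read.All","Organization.Read.All"

function Get-StaleLicensedUser {
    param([int]$InactiveDays = 90)

    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$InactiveDays)
    $props  = "id,displayName,userPrincipalName,accountEnabled," +
              "createdDateTime,signInActivity,assignedLicenses"

    Get-MgUser -All -Property $props | ForEach-Object {
        $lastSignIn = $_.SignInActivity.LastSignInDateTime
        # No recorded sign-in: fall back to the creation date so that
        # freshly provisioned accounts are not reported as stale.
        $reference = if ($lastSignIn) { $lastSignIn } else { $_.CreatedDateTime }

        if ($_.AssignedLicenses.Count -gt 0 -and $reference -lt $cutoff) {
            [pscustomobject]@{
                UserPrincipalName = $_.UserPrincipalName
                DisplayName       = $_.DisplayName
                AccountEnabled    = $_.AccountEnabled
                LastSignIn        = $lastSignIn
                SkuIds            = @($_.AssignedLicenses | ForEach-Object { [string]$_.SkuId })
            }
        }
    }
}

$stale = @(Get-StaleLicensedUser -InactiveDays 90)
$stale | Select-Object UserPrincipalName, DisplayName, AccountEnabled, LastSignIn |
    Sort-Object LastSignIn |
    Export-Csv "stale_accounts.csv" -NoTypeInformation

# Per SKU: seats held by stale accounts next to seats that were never assigned
$skuById = @{}
Get-MgSubscribedSku | ForEach-Object { $skuById[[string]$_.SkuId] = $_ }

$stale | ForEach-Object { $_.SkuIds } | Group-Object | ForEach-Object {
    $sku = $skuById[$_.Name]
    [pscustomobject]@{
        Sku             = $sku.SkuPartNumber
        HeldByStale     = $_.Count
        UnassignedSeats = $sku.PrepaidUnits.Enabled - $sku.ConsumedUnits
    }
} | Format-Table -AutoSize
```

The script only reports; disabling accounts or reclaiming licenses stays a reviewed, separate step.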
When to Use It?
Use Cases
Use MS365 Tenant Manager when setting up a new Microsoft 365 tenant with security best practices, when automating user provisioning and offboarding processes, when implementing compliance policies for regulated industries, or when auditing existing tenant configuration for security gaps.
Related Topics
Microsoft Graph API, Azure Active Directory administration, Exchange Online management, SharePoint administration, and Microsoft 365 security and compliance center all complement tenant management.
Important Notes
Requirements
Global administrator or appropriate role-based admin access to the M365 tenant. PowerShell modules including Microsoft.Graph, ExchangeOnlineManagement, and SharePoint Online. Understanding of the organization's licensing agreement and security requirements.
Usage Recommendations
Do: start conditional access policies in report-only mode before enabling enforcement. Maintain a documented baseline configuration that new tenants follow. Automate recurring tasks like license audits and stale account detection with scheduled scripts.
Don't: grant global administrator access broadly when more specific admin roles would suffice. Apply security policies in enforcement mode without testing impact on existing users. Delete user accounts during offboarding before completing data retention and transfer procedures.
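An offboarding routine that follows the last recommendation, blocking access and preserving data instead of deleting the account, is sketched here as an added example that is not part of the original skill. The function name Disable-DepartingUser and the -ReleaseLicenses switch are assumptions; it expects existing Connect-MgGraph (User.ReadWrite.All) and Connect-ExchangeOnline sessions.

```powershell
# Added example (not from the original skill): offboard by disabling, not deleting.
# Assumed names: Disable-DepartingUser, -ReleaseLicenses. Run with -WhatIf first.
function Disable-DepartingUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [switch]$ReleaseLicenses
    )

    $user = Get-MgUser -UserId $UserPrincipalName -Property "id,userPrincipalName"

    # 1. Cut off access: block sign-in, then invalidate existing refresh tokens
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Block sign-in and revoke sessions")) {
        Update-MgUser -UserId $user.Id -AccountEnabled:$false
        Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
    }

    # 2. Keep the mail data reachable for handover by converting to a shared mailbox
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Convert mailbox to shared")) {
        Set-Mailbox -Identity $UserPrincipalName -Type Shared
    }

    if (-not $ReleaseLicenses) { return }

    # 3. Release licenses only once the mailbox is confirmed shared. A shared
    #    mailbox over 50 GB, with an archive, or on litigation hold still needs
    #    a license, so check that before passing -ReleaseLicenses.
    $type = (Get-Mailbox -Identity $UserPrincipalName).RecipientTypeDetails
    if ($type -ne "SharedMailbox") {
        Write-Warning "$UserPrincipalName is still '$type'; licenses left in place."
        return
    }
    $skuIds = @(Get-MgUserLicenseDetail -UserId $user.Id | ForEach-Object { $_.SkuId })
    if ($skuIds.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($UserPrincipalName, "Remove $($skuIds.Count) license(s)")) {
        Set-MgUserLicense -UserId $user.Id -AddLicenses @() -RemoveLicenses $skuIds | Out-Null
    }
}

# Constructed sample call; the UPN is a placeholder
Disable-DepartingUser -UserPrincipalName "departing.user@example.com" -WhatIf
```

The account itself is never deleted here; removal belongs after retention and transfer procedures are signed off.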
Limitations
PowerShell commands depend on module versions and may change with Microsoft updates. Some admin center features do not have PowerShell equivalents and require manual configuration. Conditional access policies interact in complex ways, and testing all combinations requires careful planning. Tenant configuration changes may take time to propagate across M365 services.