Zero Trust and advanced security controls matter, but they sit on top of ordinary enterprise decisions: identity, users, groups, licensing, collaboration structure, device management, and administrative governance.
Website Phase 2 - Microsoft Enterprise
Project Azure Enterprise
Building a Microsoft enterprise environment from the ground up.
This project is designed around a practical question: what would a Head of IT actually build for a 300-person organization? The focus is not passing an Azure exam. The focus is understanding the baseline Microsoft enterprise stack, making operational decisions, and documenting how identity, collaboration, endpoint management, governance, and security fit together.
- Scenario300-person organization
- FocusMicrosoft enterprise baseline
- IdentityEntra ID
- ProductivityMicrosoft 365
- EndpointIntune
- SecurityConditional Access and Defender
- OutputGovernance documentation
Why This Project Exists
Many organizations jump to advanced security before they understand the Microsoft foundation underneath it.
This build intentionally starts with the basics first: Entra ID, Microsoft 365, SharePoint structure, Teams, Exchange, Intune, Conditional Access planning, Defender, and the documentation needed to operate the environment responsibly.
Business / Operational Value
A useful enterprise baseline should make the environment easier to run, secure, explain, and improve.
Identity and Access Management
Build a clean identity foundation with users, groups, roles, access patterns, and administrative boundaries.
Collaboration and Document Structure
Design SharePoint, Teams, and document libraries so people can find work without creating uncontrolled sprawl.
Endpoint Management
Use Intune to understand enrollment, baseline policy design, device visibility, and operational support needs.
Security and Compliance Readiness
Prepare the environment for Defender, Conditional Access, auditability, and practical control ownership.
Governance and Administration
Document who owns what, which roles exist, how changes are made, and where administrative risk lives.
Cost-Aware Cloud Operations
Review licensing, lab design, and feature choices so learning stays useful without turning into waste.
Planned Technical Scope
The first version is a baseline Microsoft enterprise stack, documented as an operating environment.
Microsoft 365 tenant setup
Establish the core tenant, initial settings, and administrative access model.
Entra ID baseline
Build the identity foundation before layering on advanced security controls.
User and group design
Create practical users, groups, naming patterns, and access structures for a 300-person company.
Administrative roles
Review role assignments, privileged access, and separation of duties.
Exchange Online baseline
Document mailbox, distribution, shared mailbox, and mail flow decisions.
SharePoint sites and document libraries
Design the collaboration and document structure instead of letting it grow randomly.
Teams structure
Map Teams to departments, projects, governance boundaries, and real working patterns.
Intune enrollment and policy design
Plan device onboarding, configuration profiles, compliance policies, and support paths.
Conditional Access planning
Design access rules carefully so controls improve security without hiding the fundamentals.
Defender and security baseline
Review Defender capabilities, alerts, posture management, and practical response ownership.
Licensing review
Connect technical choices to license tiers, feature access, and lab cost control.
Backup / recovery considerations
Document what Microsoft protects, what still needs planning, and how recovery expectations should be set.
Governance documentation
Create the decision records, checklists, and administrative notes needed to run the baseline.
Project Phases
The work moves from tenant foundation to services, endpoint management, security, and executive review.
- Phase 1Tenant and Identity Baseline
- Phase 2Microsoft 365 Core Services
- Phase 3SharePoint and Teams Design
- Phase 4Endpoint Management with Intune
- Phase 5Security and Conditional Access
- Phase 6Governance, Documentation, and Executive Review
Current Status
Status: Active / In Progress
The initial focus is understanding the baseline environment before enabling advanced controls that could block learning. Zero Trust will be introduced later once the foundation is understood.
Matt's Notes
Learn the baseline first. Then make the controls intentional.
Zero Trust matters, but applying it too early can hide the fundamentals. I want to understand the full baseline first: how the tenant is structured, how users collaborate, how SharePoint is organized, how devices are managed, and where governance actually lives. Once that foundation is clear, security controls become easier to design intentionally instead of just turning knobs and hoping nothing breaks.
Future Improvements
Future updates will turn the baseline into diagrams, examples, screenshots, and executive-ready artifacts.
- Architecture diagram
- Screenshot walkthroughs
- SharePoint folder design examples
- Intune policy examples
- Conditional Access decision matrix
- Governance checklist
- Executive summary document