Website Phase 2 - Microsoft Enterprise

Project Azure Enterprise

Building a Microsoft enterprise environment from the ground up.

This project is designed around a practical question: what would a Head of IT actually build for a 300-person organization? The focus is not passing an Azure exam. The focus is understanding the baseline Microsoft enterprise stack, making operational decisions, and documenting how identity, collaboration, endpoint management, governance, and security fit together.

Status Active / In Progress
  • Scenario300-person organization
  • FocusMicrosoft enterprise baseline
  • IdentityEntra ID
  • ProductivityMicrosoft 365
  • EndpointIntune
  • SecurityConditional Access and Defender
  • OutputGovernance documentation

Why This Project Exists

Many organizations jump to advanced security before they understand the Microsoft foundation underneath it.

Operating Problem

Zero Trust and advanced security controls matter, but they sit on top of ordinary enterprise decisions: identity, users, groups, licensing, collaboration structure, device management, and administrative governance.

Project Approach

This build intentionally starts with the basics first: Entra ID, Microsoft 365, SharePoint structure, Teams, Exchange, Intune, Conditional Access planning, Defender, and the documentation needed to operate the environment responsibly.

Business / Operational Value

A useful enterprise baseline should make the environment easier to run, secure, explain, and improve.

Identity and Access Management

Build a clean identity foundation with users, groups, roles, access patterns, and administrative boundaries.

Collaboration and Document Structure

Design SharePoint, Teams, and document libraries so people can find work without creating uncontrolled sprawl.

Endpoint Management

Use Intune to understand enrollment, baseline policy design, device visibility, and operational support needs.

Security and Compliance Readiness

Prepare the environment for Defender, Conditional Access, auditability, and practical control ownership.

Governance and Administration

Document who owns what, which roles exist, how changes are made, and where administrative risk lives.

Cost-Aware Cloud Operations

Review licensing, lab design, and feature choices so learning stays useful without turning into waste.

Planned Technical Scope

The first version is a baseline Microsoft enterprise stack, documented as an operating environment.

Tenant

Microsoft 365 tenant setup

Establish the core tenant, initial settings, and administrative access model.

Identity

Entra ID baseline

Build the identity foundation before layering on advanced security controls.

Directory Design

User and group design

Create practical users, groups, naming patterns, and access structures for a 300-person company.

Administration

Administrative roles

Review role assignments, privileged access, and separation of duties.

Messaging

Exchange Online baseline

Document mailbox, distribution, shared mailbox, and mail flow decisions.

Content

SharePoint sites and document libraries

Design the collaboration and document structure instead of letting it grow randomly.

Collaboration

Teams structure

Map Teams to departments, projects, governance boundaries, and real working patterns.

Endpoint

Intune enrollment and policy design

Plan device onboarding, configuration profiles, compliance policies, and support paths.

Access Control

Conditional Access planning

Design access rules carefully so controls improve security without hiding the fundamentals.

Security

Defender and security baseline

Review Defender capabilities, alerts, posture management, and practical response ownership.

Cost

Licensing review

Connect technical choices to license tiers, feature access, and lab cost control.

Resilience

Backup / recovery considerations

Document what Microsoft protects, what still needs planning, and how recovery expectations should be set.

Operating Model

Governance documentation

Create the decision records, checklists, and administrative notes needed to run the baseline.

Project Phases

The work moves from tenant foundation to services, endpoint management, security, and executive review.

  1. Phase 1Tenant and Identity Baseline
  2. Phase 2Microsoft 365 Core Services
  3. Phase 3SharePoint and Teams Design
  4. Phase 4Endpoint Management with Intune
  5. Phase 5Security and Conditional Access
  6. Phase 6Governance, Documentation, and Executive Review

Current Status

Status: Active / In Progress

The initial focus is understanding the baseline environment before enabling advanced controls that could block learning. Zero Trust will be introduced later once the foundation is understood.

Matt's Notes

Learn the baseline first. Then make the controls intentional.

Zero Trust matters, but applying it too early can hide the fundamentals. I want to understand the full baseline first: how the tenant is structured, how users collaborate, how SharePoint is organized, how devices are managed, and where governance actually lives. Once that foundation is clear, security controls become easier to design intentionally instead of just turning knobs and hoping nothing breaks.

Future Improvements

Future updates will turn the baseline into diagrams, examples, screenshots, and executive-ready artifacts.

  • Architecture diagram
  • Screenshot walkthroughs
  • SharePoint folder design examples
  • Intune policy examples
  • Conditional Access decision matrix
  • Governance checklist
  • Executive summary document