‹ 首页

ms365-tenant-manager

@alirezarezvani · 收录于 1 周前 · 上游提交 8 个月前

Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators

适合你,如果你是负责 Microsoft 365 租户全局管理的管理员

/ 下载安装
ms365-tenant-manager.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add alirezarezvani/claude-code-skill-factory/ms365-tenant-manager
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- alirezarezvani/claude-code-skill-factory/ms365-tenant-manager
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify alirezarezvani/claude-code-skill-factory/ms365-tenant-manager
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
827GitHub stars
~1.7K最小装载
~8.7K含声明引用
~10.5K文本包总量
镜像托管

怎么用

技能原文 SKILL.md作者撰写 · MIT · ba18b31

Microsoft 365 Tenant Manager

This skill provides expert guidance and automation for Microsoft 365 Global Administrators managing tenant setup, configuration, user lifecycle, security policies, and organizational optimization.

Capabilities
  • Tenant Setup & Configuration: Initial tenant setup, domain configuration, DNS records, service provisioning
  • User & Group Management: User lifecycle (create, modify, disable, delete), group creation, license assignment
  • Security & Compliance: Conditional Access policies, MFA setup, DLP policies, retention policies, security baselines
  • SharePoint & OneDrive: Site provisioning, permissions management, storage quotas, sharing policies
  • Teams Administration: Team creation, policy management, guest access, compliance settings
  • Exchange Online: Mailbox management, distribution groups, mail flow rules, anti-spam/malware policies
  • License Management: License allocation, optimization, cost analysis, usage reporting
  • Reporting & Auditing: Activity reports, audit logs, compliance reporting, usage analytics
  • Automation Scripts: PowerShell script generation for bulk operations and recurring tasks
  • Best Practices: Microsoft recommended configurations, security hardening, governance frameworks
Input Requirements

Tenant management tasks require:

  • Action type: setup, configure, create, modify, delete, report, audit
  • Resource details: User info, group names, policy settings, service configurations
  • Organizational context: Company size, industry, compliance requirements (GDPR, HIPAA, etc.)
  • Current state: Existing configurations, licenses, user count
  • Desired outcome: Specific goals, requirements, or changes needed

Formats accepted:

  • Text descriptions of administrative tasks
  • JSON with structured configuration data
  • CSV for bulk user/group operations
  • Existing PowerShell scripts to review or modify
Output Formats

Results include:

  • Step-by-step instructions: Detailed guidance for manual configuration via Admin Center
  • PowerShell scripts: Ready-to-use scripts for automation (with safety checks)
  • Configuration recommendations: Security and governance best practices
  • Validation checklists: Pre/post-implementation verification steps
  • Documentation: Markdown documentation of changes and configurations
  • Rollback procedures: Instructions to undo changes if needed
  • Compliance reports: Security posture and compliance status
How to Use

"Set up a new Microsoft 365 tenant for a 50-person company with security best practices" "Create a PowerShell script to provision 100 users from a CSV file with appropriate licenses" "Configure Conditional Access policy requiring MFA for all admin accounts" "Generate a report of all inactive users in the past 90 days" "Set up Teams policies for external collaboration with security controls"

Scripts
  • tenant_setup.py: Initial tenant configuration and service provisioning automation
  • user_management.py: User lifecycle operations and bulk provisioning
  • security_policies.py: Security policy configuration and compliance checks
  • reporting.py: Analytics, audit logs, and compliance reporting
  • powershell_generator.py: Generates PowerShell scripts for Microsoft Graph API and admin modules
Best Practices
Tenant Setup
  1. Enable MFA first - Before adding users, enforce multi-factor authentication
  2. Configure named locations - Define trusted IP ranges for Conditional Access
  3. Set up privileged access - Use separate admin accounts, enable PIM (Privileged Identity Management)
  4. Domain verification - Add and verify custom domains before bulk user creation
  5. Baseline security - Apply Microsoft Secure Score recommendations immediately
User Management
  1. License assignment - Use group-based licensing for scalability
  2. Naming conventions - Establish consistent user principal names (UPNs) and display names
  3. Lifecycle management - Implement automated onboarding/offboarding workflows
  4. Guest access - Enable only when necessary, set expiration policies
  5. Shared mailboxes - Use for department emails instead of assigning licenses
Security & Compliance
  1. Zero Trust approach - Verify explicitly, use least privilege access, assume breach
  2. Conditional Access - Start with report-only mode, then enforce gradually
  3. Data Loss Prevention - Define sensitive information types, test policies before enforcement
  4. Retention policies - Balance compliance requirements with storage costs
  5. Regular audits - Review permissions, licenses, and security settings quarterly
SharePoint & Teams
  1. Site provisioning - Use templates and governance policies
  2. External sharing - Restrict to specific domains, require authentication
  3. Storage management - Set quotas, enable auto-cleanup of old content
  4. Teams templates - Create standardized team structures for consistency
  5. Guest lifecycle - Set expiration and regular recertification
PowerShell Automation
  1. Use Microsoft Graph - Prefer Graph API over legacy MSOnline modules
  2. Error handling - Include try/catch blocks and validation checks
  3. Dry-run mode - Test scripts with -WhatIf before executing
  4. Logging - Capture all operations for audit trails
  5. Credential management - Use Azure Key Vault or managed identities, never hardcode
Common Tasks
Initial Tenant Setup
  • Configure company branding
  • Add and verify custom domains
  • Set up DNS records (MX, SPF, DKIM, DMARC)
  • Enable required services (Teams, SharePoint, Exchange)
  • Create organizational structure (departments, locations)
  • Set default user settings and policies
User Onboarding
  • Create user accounts (single or bulk)
  • Assign appropriate licenses
  • Add to security and distribution groups
  • Configure mailbox and OneDrive
  • Set up multi-factor authentication
  • Provision Teams access
Security Hardening
  • Enable Security Defaults or Conditional Access
  • Configure MFA enforcement
  • Set up admin role assignments
  • Enable audit logging
  • Configure anti-phishing policies
  • Set up DLP and retention policies
Reporting & Monitoring
  • Active users and license utilization
  • Security incidents and alerts
  • Mailbox usage and storage
  • SharePoint site activity
  • Teams usage and adoption
  • Compliance and audit logs
Limitations
  • Permissions required: Global Administrator or specific role-based permissions
  • API rate limits: Microsoft Graph API has throttling limits for bulk operations
  • License dependencies: Some features require specific license tiers (E3, E5)
  • Delegation constraints: Some tasks cannot be delegated to service principals
  • Regional variations: Compliance features may vary by geographic region
  • Hybrid scenarios: On-premises Active Directory integration requires additional configuration
  • Third-party integrations: External apps may require separate authentication and permissions
  • PowerShell prerequisites: Requires appropriate modules installed (Microsoft.Graph, ExchangeOnlineManagement, etc.)
Security Considerations
Authentication
  • Never store credentials in scripts or configuration files
  • Use Azure Key Vault for credential management
  • Implement certificate-based authentication for automation
  • Enable Conditional Access for admin accounts
  • Use Privileged Identity Management (PIM) for JIT access
Authorization
  • Follow principle of least privilege
  • Use custom admin roles instead of Global Admin when possible
  • Regularly review and audit admin role assignments
  • Enable PIM for temporary elevated access
  • Separate user accounts from admin accounts
Compliance
  • Enable audit logging for all activities
  • Retain logs according to compliance requirements
  • Configure data residency for regulated industries
  • Implement information barriers where needed
  • Regular compliance assessments and reporting
PowerShell Modules Required

To execute generated scripts, ensure these modules are installed:

  • Microsoft.Graph (recommended, modern Graph API)
  • ExchangeOnlineManagement (Exchange Online management)
  • MicrosoftTeams (Teams administration)
  • SharePointPnPPowerShellOnline (SharePoint management)
  • AzureAD or AzureADPreview (Azure AD management - being deprecated)
  • MSOnline (Legacy, being deprecated - avoid when possible)
Updates & Maintenance
  • Microsoft 365 features and APIs evolve rapidly
  • Review Microsoft 365 Roadmap regularly for upcoming changes
  • Test scripts in non-production tenant before production deployment
  • Subscribe to Microsoft 365 Admin Center message center for updates
  • Keep PowerShell modules updated to latest versions
  • Regular security baseline reviews (quarterly recommended)
Helpful Resources
  • Microsoft 365 Admin Center: https://admin.microsoft.com
  • Microsoft Graph Explorer: https://developer.microsoft.com/graph/graph-explorer
  • PowerShell Gallery: https://www.powershellgallery.com
  • Microsoft Secure Score: Security posture assessment in Admin Center
  • Microsoft 365 Compliance Center: https://compliance.microsoft.com
  • Azure AD Conditional Access: Identity and access management policies
按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。