
ms365-tenant-manager

npx machina-cli add skill alirezarezvani/claude-skills/ms365-tenant-manager --openclaw

Microsoft 365 Tenant Manager

Expert guidance and automation for Microsoft 365 Global Administrators managing tenant setup, user lifecycle, security policies, and organizational optimization.




Trigger Phrases

Use this skill when you hear:

  • "set up Microsoft 365 tenant"
  • "create Office 365 users"
  • "configure Azure AD"
  • "generate PowerShell script for M365"
  • "set up Conditional Access"
  • "bulk user provisioning"
  • "M365 security audit"
  • "license management"
  • "Exchange Online configuration"
  • "Teams administration"

Quick Start

Generate Security Audit Script

python scripts/powershell_generator.py --action audit --output audit_script.ps1

Create Bulk User Provisioning Script

python scripts/user_management.py --action provision --csv users.csv --license E3

Configure Conditional Access Policy

python scripts/powershell_generator.py --action conditional-access --require-mfa --include-admins

Tools

powershell_generator.py

Generates ready-to-use PowerShell scripts for Microsoft 365 administration.

Usage:

# Generate security audit script
python scripts/powershell_generator.py --action audit

# Generate Conditional Access policy script
python scripts/powershell_generator.py --action conditional-access \
  --policy-name "Require MFA for Admins" \
  --require-mfa \
  --include-users "All"

# Generate bulk license assignment script
python scripts/powershell_generator.py --action license \
  --csv users.csv \
  --sku "ENTERPRISEPACK"

Parameters:

Parameter        Required  Description
--action         Yes       Script type: audit, conditional-access, license, users
--policy-name    No        Name for Conditional Access policy
--require-mfa    No        Require MFA in policy
--include-users  No        Users to include: All or specific UPNs
--csv            No        CSV file path for bulk operations
--sku            No        License SKU for assignment
--output         No        Output file path (default: stdout)

Output: Complete PowerShell scripts with error handling, logging, and best practices.

user_management.py

Automates user lifecycle operations and bulk provisioning.

Usage:

# Provision users from CSV
python scripts/user_management.py --action provision --csv new_users.csv

# Offboard user securely
python scripts/user_management.py --action offboard --user john.doe@company.com

# Generate inactive users report
python scripts/user_management.py --action report-inactive --days 90

Parameters:

Parameter  Required  Description
--action   Yes       Operation: provision, offboard, report-inactive, sync
--csv      No        CSV file for bulk operations
--user     No        Single user UPN
--days     No        Days for inactivity threshold (default: 90)
--license  No        License SKU to assign

tenant_setup.py

Initial tenant configuration and service provisioning automation.

Usage:

# Generate tenant setup checklist
python scripts/tenant_setup.py --action checklist --company "Acme Inc" --users 50

# Generate DNS records configuration
python scripts/tenant_setup.py --action dns --domain acme.com

# Generate security baseline script
python scripts/tenant_setup.py --action security-baseline

Workflows

Workflow 1: New Tenant Setup

Step 1: Generate Setup Checklist

python scripts/tenant_setup.py --action checklist --company "Company Name" --users 100

Step 2: Configure DNS Records

python scripts/tenant_setup.py --action dns --domain company.com

Step 3: Apply Security Baseline

python scripts/powershell_generator.py --action audit > initial_audit.ps1

Step 4: Provision Users

python scripts/user_management.py --action provision --csv employees.csv --license E3

Workflow 2: Security Hardening

Step 1: Run Security Audit

python scripts/powershell_generator.py --action audit --output security_audit.ps1

Step 2: Create MFA Policy

python scripts/powershell_generator.py --action conditional-access \
  --policy-name "Require MFA All Users" \
  --require-mfa \
  --include-users "All"

Step 3: Review Results

Execute generated scripts and review CSV reports in output directory.

Workflow 3: User Offboarding

Step 1: Generate Offboarding Script

python scripts/user_management.py --action offboard --user departing.user@company.com

Step 2: Execute Script with -WhatIf

.\offboard_user.ps1 -WhatIf

Step 3: Execute for Real

.\offboard_user.ps1 -Confirm:$false
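
The `-WhatIf` dry run in Step 2 only has an effect if the script declares `SupportsShouldProcess` and gates each change on `ShouldProcess`. The script below is an added example showing that pattern, not the script this skill generates; the three offboarding actions (block sign-in, revoke sessions, remove licenses) are assumed steps.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Users.Actions
# ConfirmImpact 'High' makes every change prompt unless -Confirm:$false is passed
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory)][string]$UserPrincipalName
)
$ErrorActionPreference = 'Stop'

try {
    # Interactive delegated sign-in, so no credential is stored in the script
    Connect-MgGraph -Scopes 'User.ReadWrite.All'

    # Reads still run under -WhatIf; only the changes below are gated
    $user   = Get-MgUser -UserId $UserPrincipalName
    $skuIds = @(Get-MgUserLicenseDetail -UserId $user.Id | ForEach-Object { $_.SkuId })

    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Block sign-in')) {
        Update-MgUser -UserId $user.Id -AccountEnabled:$false
    }
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke sign-in sessions')) {
        Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
    }
    if ($skuIds.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($UserPrincipalName, "Remove $($skuIds.Count) license(s)")) {
        Set-MgUserLicense -UserId $user.Id -AddLicenses @() -RemoveLicenses $skuIds | Out-Null
    }
    Write-Output "Offboarding steps processed for $UserPrincipalName"
}
catch {
    Write-Warning "Offboarding failed for ${UserPrincipalName}: $($_.Exception.Message)"
    throw
}
```

With `-WhatIf`, each `ShouldProcess` call prints a "What if:" line and returns false, so the account is left unchanged.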

Best Practices

Tenant Setup

  1. Enable MFA before adding users
  2. Configure named locations for Conditional Access
  3. Use separate admin accounts with PIM
  4. Verify custom domains before bulk user creation
  5. Apply Microsoft Secure Score recommendations

Security Operations

  1. Start Conditional Access policies in report-only mode
  2. Use -WhatIf parameter before executing scripts
  3. Never hardcode credentials in scripts
  4. Enable audit logging for all operations
  5. Conduct security reviews quarterly

PowerShell Automation

  1. Prefer Microsoft Graph over legacy MSOnline modules
  2. Include try/catch blocks for error handling
  3. Implement logging for audit trails
  4. Use Azure Key Vault for credential management
  5. Test in non-production tenant first

Reference Guides

When to Use Each Reference

references/powershell-templates.md

  • Ready-to-use script templates
  • Conditional Access policy examples
  • Bulk user provisioning scripts
  • Security audit scripts

references/security-policies.md

  • Conditional Access configuration
  • MFA enforcement strategies
  • DLP and retention policies
  • Security baseline settings

references/troubleshooting.md

  • Common error resolutions
  • PowerShell module issues
  • Permission troubleshooting
  • DNS propagation problems

Limitations

Constraint                Impact
Global Admin required     Full tenant setup needs highest privilege
API rate limits           Bulk operations may be throttled
License dependencies      E3/E5 required for advanced features
Hybrid scenarios          On-premises AD needs additional configuration
PowerShell prerequisites  Microsoft.Graph module required

Required PowerShell Modules

Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module ExchangeOnlineManagement -Scope CurrentUser
Install-Module MicrosoftTeams -Scope CurrentUser

Required Permissions

  • Global Administrator - Full tenant setup
  • User Administrator - User management
  • Security Administrator - Security policies
  • Exchange Administrator - Mailbox management

Source

git clone https://github.com/alirezarezvani/claude-skills

View on GitHub: https://github.com/alirezarezvani/claude-skills/blob/main/engineering-team/ms365-tenant-manager/SKILL.md

Overview

Microsoft 365 Tenant Manager delivers expert guidance and automation for Global Administrators managing tenant setup, user lifecycle, security policies, and organizational optimization. It covers Office 365 admin tasks, Azure AD user management, Exchange Online, and Teams administration, and can generate ready-to-run PowerShell scripts for bulk operations, Conditional Access, license management, and compliance reporting. Designed for M365 tenant managers, Office 365 admins, and Global Administrators.

How This Skill Works

Speak in trigger phrases to activate focused workflows. The skill relies on Python-based script generators (powershell_generator.py, user_management.py, tenant_setup.py) to produce ready-to-use PowerShell scripts with built-in error handling, logging, and best practices for production use.

When to Use It

  • Set up a new Microsoft 365 tenant with baseline provisioning
  • Bulk-create Office 365 users from a CSV and assign licenses
  • Configure Azure AD with security policies, including Conditional Access and MFA
  • Generate and deploy PowerShell scripts for bulk operations, licenses, and audits
  • Run a security/compliance audit and generate reports

Quick Start

  1. Generate Security Audit Script: python scripts/powershell_generator.py --action audit --output audit_script.ps1
  2. Create Bulk User Provisioning Script: python scripts/user_management.py --action provision --csv users.csv --license E3
  3. Configure Conditional Access Policy: python scripts/powershell_generator.py --action conditional-access --require-mfa --include-admins

Best Practices

  • Test all scripts in a non-production tenant before production rollout
  • Name and scope Conditional Access policies clearly and review admin impact
  • Include error handling, logging, and rollback capabilities in scripts
  • Keep license SKUs aligned with your licensing plan (e.g., E3, E5)
  • Regularly review audit and compliance outputs for anomalies and trends

Example Use Cases

  • Provision 100 users from a CSV and assign E3 licenses with a single script
  • Audit tenant security posture and export a compliance report
  • Configure MFA-required Conditional Access for administrators
  • Export Exchange Online configuration baseline and verify mailbox rules
  • Set up Teams governance policies using generated scripts
