matt-taylor.tech
← Back to projects

Work · National food brokerage · Since 2022

Microsoft 365 tenant architecture and governance

Microsoft Entra ID Conditional Access Privileged Identity Management Microsoft 365 Microsoft Graph

The documented architecture and governance of the Microsoft 365 estate. This is the reference layer that every identity, security, and automation decision builds on: how identity is structured, how access is controlled, what is licensed and why, and how each workload is configured.

Identity governance

  • Entra ID structure. Groups, admin roles, and authentication methods, with the group taxonomy anchored on standardized attributes so dynamic membership, licensing, and policy scoping all key off the same source.
  • Privileged Identity Management. Just-in-time elevation for admin roles with periodic access reviews.
  • App and enterprise-app inventory. App registrations and enterprise-app SaaS integrations documented, plus external-identity handling.

Access control

  • Conditional Access design with named locations, covering device compliance, location, and risk-based sign-in across the estate.
  • Least-privilege scoping so access is granted narrowly and reviewed rather than accumulated.

Licensing and workloads

  • Licensing model mapped to SKUs, so entitlements and cost are understood rather than guessed.
  • Workload configuration documented across Exchange Online (mail flow and connectors), Teams (including voice and resource accounts), SharePoint, OneDrive, and Power Platform.

What this demonstrates

  • Governing a tenant as a system identity, access, licensing, and workloads treated as one documented, coherent architecture rather than a pile of point settings.
  • The foundation under everything else the automation, security, and reporting work all depend on this layer being deliberate and written down.