Microsoft 365 · Lab Tenant Case Study · Self-Directed · 2025
TechSolutions Inc. is a representative 300-employee Microsoft 365 scenario implemented with 10 sample users in a live lab tenant. The case study documents identity, licensing, collaboration, security controls, DLP validation, monitoring, and automation workflows.
Before a single email is sent or a document shared, the right people need to be in the right places with the right access. Phase 01 was about establishing TechSolutions' identity layer — bulk user onboarding, department structure, licensing, and permissions — so the rest of the deployment had solid ground to build on.
TechSolutions has three departments: IT, HR, and Marketing. Rather than creating user accounts one by one, I prepared a structured CSV file containing all 10 employee accounts — with UPN, display name, department, and country — then imported them directly through the Microsoft 365 Admin Center in a single operation. Every account was automatically provisioned with correct departmental metadata from day one.
Each imported account was assigned a Microsoft 365 E5 license — the highest tier, covering Defender, Purview, Power Automate, and the full compliance stack. Profile pictures were standardized using the TechSolutions company logo to maintain consistent branding across the Admin Center, Teams, and Outlook. Department fields, job titles, and contact information were populated across all accounts.
Three Microsoft 365 Groups were created — one per department — with users assigned to their respective groups. A fourth master TechSolutions group containing all users was created for tenant-wide communications and simplified license management. Group creation in M365 automatically provisions a shared mailbox, SharePoint site, Teams workspace, and Planner — one action, five connected services.
Permissions were configured at the group level: the HR group received Full Control on the TechSolutions HR SharePoint site and Edit-level access for members, supporting a more restricted HR collaboration model. The Marketing group was granted rights to create and manage Microsoft Teams workspaces, confirmed by successfully provisioning a Marketing team and adding all Marketing users as members.
An M365 tenant needs layered controls across identity, email, data, and collaboration. Phase 02 configured representative protections for email-borne attacks, phishing, malware handling, unauthorized data sharing, and internal data leak detection in a live lab tenant.
Safe Links and Safe Attachments were enabled under Preset Security Policies — Standard and Strict protection applied to inbound email in the lab. Safe Links rewrites URLs at time-of-click and Safe Attachments evaluates suspicious files before delivery. Together, these controls reduce common email-based risk.
Anti-phishing was configured through Microsoft Defender's Threat Policies. Mailbox intelligence and spoof intelligence were both enabled — allowing Defender to learn normal sending patterns and flag anomalies. Phishing threshold was set to Standard. Zero impersonated domains or users were detected in the 7-day window post-configuration, confirming clean baseline.
A mail flow rule was configured in the Exchange Admin Center to automatically apply Microsoft 365 Message Encryption (OME) to all internal-to-internal emails. The rule — "Encrypt All Internal Emails" — was enabled and confirmed active. This ensures that any communication between TechSolutions employees is encrypted in transit, with no action required from the sender.
Two DLP policies were created in Microsoft Purview targeting the highest-risk data types for a Canadian organization: Canadian Personally Identifiable Information (PII) and financial data including credit card numbers. Both policies were set to active status and verified by triggering a test — an email containing credit card data immediately generated a high-severity DLP alert, confirming detection was working in real time.
Beyond perimeter security, Insider Risk Management was configured in Microsoft Purview to model internal data leak detection. A Data Leaks quick policy was deployed for lab users, with DLP policies integrated as policy indicators. Adaptive Protection evidence was captured to show how risk-based controls can be staged and reviewed.
The Microsoft Secure Score dashboard was reviewed to assess TechSolutions' overall security posture post-configuration. The score reflected the protections deployed across identity, data, and collaboration layers — with recommended improvement actions flagged for ongoing hardening.
Productivity without structure creates chaos. Phase 03 stood up the full collaboration infrastructure — department SharePoint sites, controlled document libraries, OneDrive data governance, and Viva Engage for internal communications — each configured with the right permissions and retention rules to keep data both accessible and protected.
Three dedicated SharePoint team sites were created — TechSolutions IT, TechSolutions HR, and TechSolutions Marketing. Each site was provisioned with its own permission structure: Site Owners receive Full Control, Members receive Edit access, and external sharing is locked down. The HR site has the strictest access — only HR members are permitted, with an Access Denied response verified for unauthorized users attempting to browse.
A dedicated HR Documents Library was created on the HR SharePoint site with two critical governance controls enabled: document versioning (preserving the full edit history of every HR document) and content approval (requiring HR owners to approve any new or modified document before it becomes visible to members). Draft item security was also configured to restrict draft visibility to authors and approvers only.
Organization-wide OneDrive external sharing was locked to "Only people in your organization" — preventing any file from being shared outside the tenant without admin authorization. Two retention policies were then applied: a 5-year retention policy for all OneDrive files (meeting long-term compliance requirements) and a 1-year deletion policy to automatically move stale files to Recycle Bin after 12 months of inactivity.
Viva Engage was configured as TechSolutions' enterprise social network with a strict internal-only usage policy — all Viva Engage activity is restricted to authenticated tenant users only. Four communities were created: Company-Wide Announcements (all-staff), and dedicated communities for IT, HR, and Marketing. The internal-only policy was saved and verified with the "Changes saved" confirmation banner.
A deployed environment without visibility is a liability. Phase 04 instrumented the entire TechSolutions tenant — audit logging, custom alert policies, service health monitoring, and automated monthly reporting via Power Automate — so IT administrators can see everything that matters without having to look for it.
Audit logging was enabled across the tenant and a custom audit log search was configured to track SharePoint file activity — file access, uploads, edits, and deletions — for a specific user within a defined date range. This gives IT administrators the ability to reconstruct any user action in SharePoint and meet the forensic requirements of a compliance investigation.
A Suspicious File Activity alert policy was created to notify administrators when anomalous file access patterns are detected — mass downloads, bulk deletions, or unusual access volumes. Separate DLP breach notifications were configured to fire whenever a DLP policy match occurs. Alert severity, threshold, and recipient list were all configured and the policy confirmed active.
A scheduled Power Automate cloud flow was built to generate and deliver monthly Microsoft 365 usage reports to IT administrators and department heads. The flow runs on a monthly recurrence, retrieves recent Microsoft 365 activity data, formats the data as CSV, and emails it to the distribution list. The flow was tested and confirmed active in the lab tenant.
Service Health email alerts were enabled to automatically notify administrators of any Microsoft 365 service incidents, advisories, or degradations. The Service Health dashboard was reviewed — Exchange Online, OneDrive, SharePoint, Teams, and Viva Engage all confirmed healthy. IT department team members were added as additional notification recipients alongside the global admin, ensuring no incident goes unnoticed.
With all four phases complete, the Microsoft Secure Score dashboard was reviewed as a final validation checkpoint. The score provided a baseline view of the lab tenant's security posture and highlighted additional hardening actions for future improvement.
The foundation is in place. These roadmap items are logical next steps for expanding the lab into a more complete information protection and endpoint management case study.
Apply Public, Internal, Confidential, and Highly Confidential labels across documents and emails. Auto-labelling policies to classify HR and financial data without user action.
Privileged Identity Management for just-in-time admin role activation, approval workflows, and safer privileged access operations.
Enroll TechSolutions endpoints into Microsoft Intune. Deploy compliance policies, app protection policies, and Defender for Endpoint across all managed devices.
Bulk user onboarding, M365 Groups, RBAC, SharePoint permission tiers, Entra ID
Safe Links, Safe Attachments, Anti-Phishing, OME encryption, Exchange mail flow rules
Canadian PII policies, credit card detection, live alert verification, DLP-IRM integration
Retention policies, content approval, document versioning, audit log search, Purview
Data leaks policy, Adaptive Protection, Conditional Access integration, risk-based controls
SharePoint Online, OneDrive governance, Viva Engage communities, Microsoft Teams
Power Automate scheduled flows and usage reporting workflow design
Custom audit searches, alert policies, service health monitoring, Secure Score tracking
This case study documents a Microsoft 365 lab tenant configured by one administrator to model identity, collaboration, security, compliance, monitoring, and reporting workflows for a 300-employee organization.