Ms365 Tenant Manager

Name: Ms365 Tenant Manager
Author: alirezarezvani

alirezarezvani/claude-skills

Stand up a new Microsoft 365 tenant with DNS, security baseline, licensing, and runnable PowerShell setup scripts.

Overview

MS365 Tenant Manager is an agent skill for the Operate phase that guides greenfield Microsoft 365 tenant setup across five phased checklists with DNS, security baseline, and PowerShell artifacts.

Install

npx skills add https://github.com/alirezarezvani/claude-skills --skill ms365-tenant-manager

What is this skill?

Five-phase setup checklist (~3.5 hours) from initial tenant through compliance
Eleven DNS record templates (MX, TXT, CNAME, SRV) for mail and Microsoft services
Generates Initial_Tenant_Setup.ps1, Configure_DNS_Records.txt, and Enable_Security_Baseline.ps1
License tier recommendations with role-based counts (E3/E5-style breakdown)
Critical-path ordering for domain verification and security baseline before service rollout
5 setup phases with ~3.5 hours total estimated time
11 DNS records across MX, TXT, CNAME, and SRV types
3 generated PowerShell or DNS artifact filenames documented in the skill

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 726 installs on skills.sh; 17.5k GitHub stars; 2/3 security scanners passed (skills.sh audits).

What problem does it solve?

You bought Microsoft 365 for your product or company but lack an ordered, DNS-aware checklist to configure domain, mail, and security without missing verification or baseline steps.

Who is it for?

Founders or solo operators standing up their first commercial M365 tenant on a custom domain with a small headcount.

Skip if: Large enterprise migrations, Entra ID advanced governance-only projects, or teams that already have a signed security baseline and completed domain cutover.

When should I use this skill?

You need to configure a new Microsoft 365 tenant, custom domain, security baseline, or license plan with scripted setup steps.

What do I get? / Deliverables

You leave with phased tasks, recommended DNS records, generated setup scripts, and license sizing notes ready to execute in the admin center and PowerShell.

Phased tenant setup checklist
DNS record specification
PowerShell setup script outlines

Recommended Skills

Azure Deploymicrosoft/azure-skills

Azure Deploy is a Microsoft agent skill that executes cloud releases for applications that are already planned and valid…374k installs·1.2k stars

Azure Preparemicrosoft/azure-skills

Azure Prepare is Microsoft's skill for getting applications ready to run on Azure—writing the deployment plan, generatin…374k installs·1.2k stars

Azure Storagemicrosoft/azure-skills

Azure Storage skill helps agents pick the right Azure storage service—Blob for objects, Files for SMB shares, Queues for…374k installs·1.2k stars

Azure Validatemicrosoft/azure-skills

Microsoft-guided preflight validation for Azure deployments including IaC, identity, and service-specific readiness.374k installs·1.2k stars

Appinsights Instrumentationmicrosoft/azure-skills

appinsights-instrumentation is a Microsoft Azure-skills package that walks solo builders through enabling Application In…374k installs·1.2k stars

Azure Resource Lookupmicrosoft/azure-skills

Azure Resource Lookup is a Microsoft agent skill that helps solo builders and small teams answer “what do I have in Azur…373k installs·1.2k stars

Journey fit

Primary fit

OperateInfrastructure & cost

Tenant provisioning and baseline hardening happen after you are running a business on Microsoft cloud services. Infra is the canonical shelf for greenfield M365 tenant, domain, and service configuration work.

Also useful

ShipSecurity

Also useful

ValidateScope & plan

How it compares

Use instead of unstructured admin-center clicking or generic “M365 setup” blog posts that omit DNS and script handoffs.

Common Questions / FAQ

Who is ms365-tenant-manager for?

Solo builders, indie SaaS founders, and small teams who administer their own Microsoft 365 tenant and need a phased setup path with DNS and security baseline coverage.

When should I use ms365-tenant-manager?

Use it in Operate when provisioning a new tenant or custom domain, before users and mail flow go live, or when you need PowerShell-oriented setup scripts alongside admin tasks.

Is ms365-tenant-manager safe to install?

Treat it as guidance for privileged cloud administration; review the Security Audits panel on this Prism page and never paste production secrets into chats without your own risk review.

SKILL.md

READMESKILL.md - Ms365 Tenant Manager

{
  "setup_checklist": {
    "total_phases": 5,
    "estimated_time": "3.5 hours",
    "phases": [
      {
        "phase": 1,
        "name": "Initial Tenant Configuration",
        "priority": "critical",
        "task_count": 3,
        "estimated_time": "30 minutes"
      },
      {
        "phase": 2,
        "name": "Custom Domain Configuration",
        "priority": "critical",
        "task_count": 4,
        "estimated_time": "45 minutes"
      },
      {
        "phase": 3,
        "name": "Security Baseline Configuration",
        "priority": "critical",
        "task_count": 5,
        "estimated_time": "60 minutes"
      },
      {
        "phase": 4,
        "name": "Service Configuration",
        "priority": "high",
        "task_count": 4,
        "estimated_time": "90 minutes"
      },
      {
        "phase": 5,
        "name": "Compliance Configuration",
        "priority": "high",
        "task_count": 1,
        "estimated_time": "45 minutes"
      }
    ]
  },
  "dns_records": {
    "mx_records": 1,
    "txt_records": 2,
    "cname_records": 6,
    "srv_records": 2,
    "total_records": 11
  },
  "powershell_scripts_generated": [
    "Initial_Tenant_Setup.ps1",
    "Configure_DNS_Records.txt",
    "Enable_Security_Baseline.ps1"
  ],
  "license_recommendations": {
    "E5": {
      "count": 5,
      "monthly_cost": 285.00,
      "users": "Executives and IT admins"
    },
    "E3": {
      "count": 15,
      "monthly_cost": 540.00,
      "users": "Finance, Legal, HR departments"
    },
    "Business_Standard": {
      "count": 50,
      "monthly_cost": 625.00,
      "users": "Standard office workers"
    },
    "Business_Basic": {
      "count": 5,
      "monthly_cost": 30.00,
      "users": "Part-time staff"
    },
    "total_monthly_cost": 1480.00,
    "total_annual_cost": 17760.00
  },
  "next_steps": [
    "Review and verify DNS records",
    "Test MFA enrollment process",
    "Create security groups for departments",
    "Begin user provisioning",
    "Schedule security review meeting"
  ]
}


# PowerShell Script Templates

Ready-to-use PowerShell scripts for Microsoft 365 administration with error handling and best practices.

---

## Table of Contents

- [Prerequisites](#prerequisites)
- [Security Audit Script](#security-audit-script)
- [Conditional Access Policy](#conditional-access-policy)
- [Bulk User Provisioning](#bulk-user-provisioning)
- [User Offboarding](#user-offboarding)
- [License Management](#license-management)
- [DNS Records Configuration](#dns-records-configuration)

---

## Prerequisites

Install required modules before running scripts:

```powershell
# Install Microsoft Graph module (recommended)
Install-Module Microsoft.Graph -Scope CurrentUser -Force

# Install Exchange Online module
Install-Module ExchangeOnlineManagement -Scope CurrentUser -Force

# Install Teams module
Install-Module MicrosoftTeams -Scope CurrentUser -Force

# Verify installations
Get-InstalledModule Microsoft.Graph, ExchangeOnlineManagement, MicrosoftTeams
```

---

## Security Audit Script

Comprehensive security audit for MFA status, admin accounts, inactive users, and permissions.

```powershell
<#
.SYNOPSIS
    Microsoft 365 Security Audit Report

.DESCRIPTION
    Performs comprehensive security audit and generates CSV reports.
    Checks: MFA status, admin accounts, inactive users, guest access, licenses

.OUTPUTS
    CSV reports in SecurityAudit_[timestamp] directory
#>

#Requires -Modules Microsoft.Graph, ExchangeOnlineManagement

param(
    [int]$InactiveDays = 90,
    [string]$OutputPath = "."
)

# Connect to services
Connect-MgGraph -Scopes "Directory.Read.All", "User.Read.All", "AuditLog.Read.All"
Connect-ExchangeOnline

$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
$reportPath = Join-Path $OutputPath "SecurityAudit_$timestamp"
New-Item -ItemType Directory -Path $reportPath -Force | Out-Null

Write-Host "Starting Security Audit..." -ForegroundColor Cyan

# 1. MFA Status Check
Write-Host "[1/5] Che

What is this skill?

Five-phase setup checklist (~3.5 hours) from initial tenant through compliance

Eleven DNS record templates (MX, TXT, CNAME, SRV) for mail and Microsoft services

Generates Initial_Tenant_Setup.ps1, Configure_DNS_Records.txt, and Enable_Security_Baseline.ps1

License tier recommendations with role-based counts (E3/E5-style breakdown)

Critical-path ordering for domain verification and security baseline before service rollout

5 setup phases with ~3.5 hours total estimated time

11 DNS records across MX, TXT, CNAME, and SRV types

3 generated PowerShell or DNS artifact filenames documented in the skill

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 726 installs on skills.sh; 17.5k GitHub stars; 2/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

OperateInfrastructure & cost

Also useful

ShipSecurity

Also useful

ValidateScope & plan

SKILL.md

READMESKILL.md - Ms365 Tenant Manager

{
  "setup_checklist": {
    "total_phases": 5,
    "estimated_time": "3.5 hours",
    "phases": [
      {
        "phase": 1,
        "name": "Initial Tenant Configuration",
        "priority": "critical",
        "task_count": 3,
        "estimated_time": "30 minutes"
      },
      {
        "phase": 2,
        "name": "Custom Domain Configuration",
        "priority": "critical",
        "task_count": 4,
        "estimated_time": "45 minutes"
      },
      {
        "phase": 3,
        "name": "Security Baseline Configuration",
        "priority": "critical",
        "task_count": 5,
        "estimated_time": "60 minutes"
      },
      {
        "phase": 4,
        "name": "Service Configuration",
        "priority": "high",
        "task_count": 4,
        "estimated_time": "90 minutes"
      },
      {
        "phase": 5,
        "name": "Compliance Configuration",
        "priority": "high",
        "task_count": 1,
        "estimated_time": "45 minutes"
      }
    ]
  },
  "dns_records": {
    "mx_records": 1,
    "txt_records": 2,
    "cname_records": 6,
    "srv_records": 2,
    "total_records": 11
  },
  "powershell_scripts_generated": [
    "Initial_Tenant_Setup.ps1",
    "Configure_DNS_Records.txt",
    "Enable_Security_Baseline.ps1"
  ],
  "license_recommendations": {
    "E5": {
      "count": 5,
      "monthly_cost": 285.00,
      "users": "Executives and IT admins"
    },
    "E3": {
      "count": 15,
      "monthly_cost": 540.00,
      "users": "Finance, Legal, HR departments"
    },
    "Business_Standard": {
      "count": 50,
      "monthly_cost": 625.00,
      "users": "Standard office workers"
    },
    "Business_Basic": {
      "count": 5,
      "monthly_cost": 30.00,
      "users": "Part-time staff"
    },
    "total_monthly_cost": 1480.00,
    "total_annual_cost": 17760.00
  },
  "next_steps": [
    "Review and verify DNS records",
    "Test MFA enrollment process",
    "Create security groups for departments",
    "Begin user provisioning",
    "Schedule security review meeting"
  ]
}


# PowerShell Script Templates

Ready-to-use PowerShell scripts for Microsoft 365 administration with error handling and best practices.

---

## Table of Contents

- [Prerequisites](#prerequisites)
- [Security Audit Script](#security-audit-script)
- [Conditional Access Policy](#conditional-access-policy)
- [Bulk User Provisioning](#bulk-user-provisioning)
- [User Offboarding](#user-offboarding)
- [License Management](#license-management)
- [DNS Records Configuration](#dns-records-configuration)

---

## Prerequisites

Install required modules before running scripts:

```powershell
# Install Microsoft Graph module (recommended)
Install-Module Microsoft.Graph -Scope CurrentUser -Force

# Install Exchange Online module
Install-Module ExchangeOnlineManagement -Scope CurrentUser -Force

# Install Teams module
Install-Module MicrosoftTeams -Scope CurrentUser -Force

# Verify installations
Get-InstalledModule Microsoft.Graph, ExchangeOnlineManagement, MicrosoftTeams
```

---

## Security Audit Script

Comprehensive security audit for MFA status, admin accounts, inactive users, and permissions.

```powershell
<#
.SYNOPSIS
    Microsoft 365 Security Audit Report

.DESCRIPTION
    Performs comprehensive security audit and generates CSV reports.
    Checks: MFA status, admin accounts, inactive users, guest access, licenses

.OUTPUTS
    CSV reports in SecurityAudit_[timestamp] directory
#>

#Requires -Modules Microsoft.Graph, ExchangeOnlineManagement

param(
    [int]$InactiveDays = 90,
    [string]$OutputPath = "."
)

# Connect to services
Connect-MgGraph -Scopes "Directory.Read.All", "User.Read.All", "AuditLog.Read.All"
Connect-ExchangeOnline

$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
$reportPath = Join-Path $OutputPath "SecurityAudit_$timestamp"
New-Item -ItemType Directory -Path $reportPath -Force | Out-Null

Write-Host "Starting Security Audit..." -ForegroundColor Cyan

# 1. MFA Status Check
Write-Host "[1/5] Che

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is ms365-tenant-manager for?

When should I use ms365-tenant-manager?

Is ms365-tenant-manager safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is ms365-tenant-manager for?

When should I use ms365-tenant-manager?

Is ms365-tenant-manager safe to install?

SKILL.md