Microsoft 365 Security & Entra ID
The authority hub for Microsoft 365 security — Entra ID, Conditional Access, Defender for Office 365, Secure Score, and Zero Trust architecture.
Tools
Microsoft 365 Security & Entra ID Tools
Free, client-side tools — nothing is transmitted or stored.
Microsoft Secure Score Planner
Generate a prioritized Secure Score improvement plan across identity, email, and device/data actions.
Open →
Conditional Access Baseline Generator
Generate a Microsoft 365 workload-specific Conditional Access baseline.
Open →
Entra ID Health Assessment
Evaluate Entra ID licensing alignment, hybrid identity sync health, and directory object hygiene.
Open →
Microsoft 365 Security Readiness Assessment
Evaluate identity, email, device, and data protection baseline across four areas.
Open →
Zero Trust Readiness Assessment
Evaluate Zero Trust maturity across verify explicitly, least-privilege access, and assume breach.
Open →
Secure Score Improvement Calculator
Project your Secure Score after implementing a set number of improvement actions.
Open →
Defender Feature Comparison
Compare Plan 1 vs. Plan 2 features for Defender for Office 365 and Defender for Endpoint.
Open →
Zero Trust Gap Assessment
Identify which phase of a Zero Trust implementation roadmap needs attention next.
Open →
Microsoft Security Stack Planner
Generate a prioritized build-out plan across all five layers of the Microsoft 365 security architecture.
Open →
Microsoft Licensing Advisor
Get a tailored Microsoft 365 and Entra ID licensing tier recommendation based on organization size, identity, Defender, and compliance needs.
Open →
Conditional Access Policy Analyzer
Review an existing Conditional Access policy set for emergency access, legacy authentication, exclusion, and conflict gaps.
Open →
Downloads
Downloadable Resources
Free templates and guides — preview, copy, or download as Markdown or plain text.
Checklist
Microsoft 365 Security Checklist
A practical, printable checklist covering the full Microsoft 365 Security Baseline across identity, email, device, and data.
Open →
Guide
Secure Score Improvement Plan
A prioritized template for planning and tracking Microsoft Secure Score improvement actions over time.
Open →
Workbook
Conditional Access Baseline Workbook
A workbook for planning Microsoft 365 workload-specific Conditional Access policies — Exchange, SharePoint, Teams, and admin portals.
Open →
Guide
Zero Trust Implementation Guide
A phased implementation guide for adopting Zero Trust principles across a Microsoft 365 environment.
Open →
Checklist
Entra ID Administration Checklist
A recurring administration checklist for keeping an Entra ID tenant healthy over time.
Open →
Guide
Microsoft Security Operations Guide
A guide to ongoing security operations across the Microsoft 365 security stack — monitoring, review cadences, and incident response touchpoints.
Open →
Guide
Defender Deployment Guide
A phased deployment guide for rolling out Defender for Office 365 and Defender for Endpoint across a tenant.
Open →
Checklist
Intune Security Baseline Checklist
A checklist for rolling out and maintaining Intune security baselines across a device fleet.
Open →
Guide
Microsoft Sentinel Planning Guide
A planning guide for evaluating whether and how to adopt Microsoft Sentinel.
Open →
Workbook
Secure Score Optimization Workbook
A workbook for tracking Secure Score improvement actions by architectural layer, to spot imbalanced coverage.
Open →
Playbook
Microsoft Security Operations Playbook
A playbook of specific response actions for common Microsoft 365 security incident scenarios.
Open →
Reference
Microsoft Licensing Matrix
A reference matrix mapping this cluster's security capabilities to the Entra ID and Microsoft 365 licensing tiers that unlock them.
Open →
Checklist
Microsoft 365 Hardening Checklist
A consolidated hardening checklist spanning identity, email, endpoint, device, and data protection across the full cluster.
Open →
Foundations
Entra ID, Secure Score, and Defender
The core building blocks — identity platform, posture measurement, and email protection.
Microsoft Entra ID Overview
What Entra ID actually is, how it relates to on-premises Active Directory, and the core objects and licensing tiers every admin should understand.
Beginner
Open →
Microsoft Secure Score Guide
How Secure Score is calculated, what it does and doesn't measure, and how to use it as a genuine improvement roadmap rather than a vanity number.
Beginner
Open →
Microsoft Defender for Office 365
What Defender for Office 365 actually protects against — phishing, malware, and business email compromise — and how its plan tiers differ.
Intermediate
Open →
Baseline & Policy
Security Baseline and Conditional Access
The tenant-wide baseline and access policy that build on top of the foundations above.
Microsoft 365 Security Baseline
A practical, tenant-wide security baseline covering identity, email, device, and data protection settings every Microsoft 365 tenant should have.
Intermediate
Open →
Conditional Access Best Practices
Proven Conditional Access policy patterns specific to Microsoft 365 workloads, building on the cluster's general Conditional Access guide.
Intermediate
Open →
Microsoft Entra ID Protection
How Entra ID Protection detects and responds to identity risk automatically, and how to tune it without drowning administrators in false positives.
Advanced
Open →
Architecture
How It All Fits Together
Microsoft 365 Security Architecture
How Entra ID, Conditional Access, Defender, Purview, and Intune fit together as one coherent security architecture, not a pile of separate products.
Advanced
Open →
Zero Trust in Microsoft 365
What Zero Trust actually means as an operating model, and how Microsoft 365's specific tools implement each of its core principles.
Intermediate
Open →
Advanced Protection
Endpoint, XDR, Data, and Device Management
Deeper protective layers beyond the baseline — Defender for Endpoint, Defender XDR, Purview, and Intune.
Microsoft Defender for Endpoint
How Defender for Endpoint detects, investigates, and responds to device-level threats, and how its plan tiers differ.
Advanced
Open →
Microsoft Defender XDR
How Defender XDR correlates signals across email, identity, endpoint, and cloud apps into a single incident, instead of siloed alerts.
Advanced
Open →
Microsoft Purview Information Protection
How sensitivity labels, data loss prevention, and information protection policies keep sensitive data protected as it moves and is shared.
Advanced
Open →
Microsoft Intune Security Baselines
How Intune security baselines translate Microsoft's recommended device configuration into enforceable, auditable policy.
Intermediate
Open →
Security Operations
Detection, Correlation, and Incident Response
Microsoft Sentinel Overview
What a SIEM actually does, how Sentinel aggregates signal across the Microsoft security stack, and when a small organization actually needs one.
Advanced
Open →
Microsoft 365 Incident Response
A practical incident response process for a Microsoft 365 environment, from detection through containment to post-incident review.
Advanced
Open →
Planning & Governance
Licensing and Policy Review
Translating architecture decisions into licensing tiers and operationally reviewing what has already been deployed.
Microsoft Licensing Advisor
How Business Premium, E3, E5, Entra ID P1/P2, and Defender plans compare, and when each tier actually makes business sense.
Intermediate
Open →
Conditional Access Policy Analyzer
A methodology for reviewing an existing Conditional Access policy set — conflicts, exclusions, coverage gaps, and emergency access.
Advanced
Open →
Quick Reference
The Short Version
Full treatment lives in the articles above.
Secure Score ≠ Certification
It measures configuration hygiene against Microsoft's recommended actions — not a compliance attestation or a guarantee against breach.
Report-Only Mode First
The most common Conditional Access incident is a policy that locks administrators out of their own tenant — always test before enforcing.
Licensing Gates Capability
Conditional Access, ID Protection, and PIM all require specific Entra ID P1/P2 licensing, distinct from your Microsoft 365 plan.
Zero Trust Is a Model, Not a Product
No single purchase "achieves" Zero Trust — it's implemented across identity, access, email, endpoint, and data layers together.
FAQ
Common Questions
How does this cluster relate to Identity & Access Management?
Identity & Access Management covers authentication and access concepts generally — MFA, SSO, Conditional Access mechanics, privileged access. This cluster applies those concepts specifically to the Microsoft 365 product surface — Entra ID licensing, Defender for Office 365, Secure Score, and the full Microsoft security stack.
Do we need Entra ID P1 or P2 to benefit from this cluster?
Several capabilities covered here (Conditional Access, Entra ID Protection, Privileged Identity Management) require P1 or P2 licensing — see Microsoft Entra ID Overview for the specific licensing breakdown. The baseline and architecture articles remain valuable regardless of licensing tier as planning references.
Where should we start if we're new to Microsoft 365 security?
Start with Microsoft Entra ID Overview and Microsoft 365 Security Baseline, then use the Microsoft 365 Security Readiness Assessment to identify your specific gaps before diving into Conditional Access or Zero Trust specifics.
Operational Support
Need help implementing your Microsoft 365 security architecture?
IT KORR can design and implement Entra ID, Conditional Access, Defender for Office 365, and Zero Trust architecture — matched to your organization's risk profile and licensing.
No commitment required — we respond within one business day.