Scripts and other resources to help configure Microsoft 365
Azure AD Best Practices Checklist: Settings that I recommend reviewing for every Microsoft 365 tenant, with criticality/heat map indicating relative importance/impact of each item.
Recommended Conditional access policies: Adapted from Microsoft's own recommendations, I believe I have improved and simplified the design somewhat for those who just want to implement a good baseline without a lot of complexity.
Recommended Conditional access policy design: This describes in a single page the settings within each of the recommended Conditonal access policies from above
Intune Best Practices Checklist: Device management done right. In a similar format to the Azure AD checklist, this lays out all of the items that I would recommend for every single Microsoft 365 implementation; i.e. What does "good" look like? It looks like this.
The Office 365 Email Security Checklist: For anyone with an Exchange Online subscription for Email hosted in Office 365, start here. Scripts from this guide are located in the Exchange Online folder.
The Intune Setup scripts: The Intune scripts are (mostly) taken and modified from Microsoft: https://github.com/microsoftgraph/powershell-intune-samples/ ; None of the policies will be assigned when you first import the JSON files; simply review, adjust and test the settings out before assigning them. See more details in the "Setup Intune" folder's readme file.