Free resources

Practical Microsoft 365 security guides you can use today.

Every guide, checklist, and template below comes from real deployment experience. No vendor marketing. No generic frameworks. Download free — enter your email and it goes straight to your inbox.

All resources

Guide

MFA Rollout Guide for Microsoft 365

A practical step-by-step guide to deploying MFA across your Microsoft 365 tenant without disrupting operations. Covers conditional access enforcement, exclusion management, and the break-glass account strategy.

Staged rollout approach — pilot groups before full enforcement
Break-glass account configuration and monitoring
Per-user MFA vs Conditional Access — which to use and when
User communication templates included
PDF · 12 pages All M365 plans Solo to Enterprise
Checklist

Conditional Access Baseline Checklist

The 12 Conditional Access policies every Microsoft 365 tenant should have in place before anything else. Each policy explained with the risk it addresses and the exclusions to watch out for.

Require MFA for all users — enforced, not per-user
Block legacy authentication — with app dependency check
Admin MFA enforcement — separate from user policies
Device compliance enforcement — managed device trust
PDF · 8 pages Entra ID P1 minimum SMB to Enterprise
Checklist

Defender XDR Deployment Readiness Checklist

Before you deploy Defender XDR, this checklist confirms your environment is ready. Identity configuration prerequisites, license requirements, network considerations, and deployment sequencing across all four workloads.

Identity prerequisites before Defender for Identity deployment
Defender for Endpoint — onboarding method selection guide
Defender for Office 365 — policy override risks to avoid
Cross-workload signal correlation setup checklist
PDF · 10 pages E3+ or Defender add-ons IT Head · Enterprise
Template

Zero Trust 90-Day Planning Template

A structured planning template for a 90-day Zero Trust implementation — milestone definitions, workstream owners, dependency mapping, and stakeholder communication schedule. Adapt it to your environment and timeline.

Days 1–30: Identity baseline workstream plan
Days 31–60: Device and visibility workstream plan
Days 61–90: Data, monitoring, and automation plan
Stakeholder communication schedule and approval gates
Excel + PDF · Editable E3 · E5 environments IT Head · Enterprise
Reference

Microsoft 365 Security License Comparison

A clear, honest comparison of security capabilities across Business Premium, E3, E5, and key add-ons. No vendor spin — just what each license gives you for identity, device, email, and detection capabilities.

Business Premium vs E3 vs E5 — security feature matrix
Add-on vs upgrade decision guide
Defender for Identity — standalone vs included
PIM — when you need Entra ID P2 vs E5
PDF · 6 pages All M365 plans Solo to Enterprise
Guide

DIY Microsoft 365 Security Health Check

A guided self-assessment for IT managers and admins who want to review their own tenant before engaging outside help. Covers the six most common exposure areas with specific portal locations and what to look for.

Where to find MFA registration gaps in Entra ID
How to identify legacy authentication still active
Privileged role review — what to look for and fix first
Defender readiness — five things to check in 30 minutes
PDF · 14 pages All M365 plans IT Manager · IT Head

Want the full picture on
your specific environment?

The guides above cover general patterns. A proper assessment covers your actual tenant — what's configured, what's missing, and what to address first given your environment and team capacity.