ms365-tenant-manager

Microsoft 365 Tenant Manager

Expert guidance and automation for Microsoft 365 Global Administrators managing tenant setup, user lifecycle, security policies, and organizational optimization.

Trigger Phrases

Use this skill when you hear:
  • "set up Microsoft 365 tenant"
  • "create Office 365 users"
  • "configure Azure AD"
  • "generate PowerShell script for M365"
  • "set up Conditional Access"
  • "bulk user provisioning"
  • "M365 security audit"
  • "license management"
  • "Exchange Online configuration"
  • "Teams administration"

Quick Start

Generate Security Audit Script

```bash
python scripts/powershell_generator.py --action audit --output audit_script.ps1
```

Create Bulk User Provisioning Script

```bash
python scripts/user_management.py --action provision --csv users.csv --license E3
```

Configure Conditional Access Policy

```bash
python scripts/powershell_generator.py --action conditional-access --require-mfa --include-admins
```

Tools

powershell_generator.py

Generates ready-to-use PowerShell scripts for Microsoft 365 administration.

**Usage:**

```bash
# Generate security audit script
python scripts/powershell_generator.py --action audit

# Generate Conditional Access policy script
python scripts/powershell_generator.py --action conditional-access \
  --policy-name "Require MFA for Admins" \
  --require-mfa \
  --include-users "All"

# Generate bulk license assignment script
python scripts/powershell_generator.py --action license \
  --csv users.csv \
  --sku "ENTERPRISEPACK"
```

**Parameters:**

| Parameter | Required | Description |
|-----------|----------|-------------|
| `--action` | Yes | Script type: `audit`, `conditional-access`, `license`, `users` |
| `--policy-name` | No | Name for Conditional Access policy |
| `--require-mfa` | No | Require MFA in policy |
| `--include-users` | No | Users to include: `All` or specific UPNs |
| `--csv` | No | CSV file path for bulk operations |
| `--sku` | No | License SKU for assignment |
| `--output` | No | Output file path (default: stdout) |

**Output:** Complete PowerShell scripts with error handling, logging, and best practices.

user_management.py

Automates user lifecycle operations and bulk provisioning.

**Usage:**

```bash
# Provision users from CSV
python scripts/user_management.py --action provision --csv new_users.csv

# Offboard user securely
python scripts/user_management.py --action offboard --user john.doe@company.com

# Generate inactive users report
python scripts/user_management.py --action report-inactive --days 90
```

**Parameters:**

| Parameter | Required | Description |
|-----------|----------|-------------|
| `--action` | Yes | Operation: `provision`, `offboard`, `report-inactive`, `sync` |
| `--csv` | No | CSV file for bulk operations |
| `--user` | No | Single user UPN |
| `--days` | No | Days for inactivity threshold (default: 90) |
| `--license` | No | License SKU to assign |

tenant_setup.py

Initial tenant configuration and service provisioning automation.

**Usage:**

```bash
# Generate tenant setup checklist
python scripts/tenant_setup.py --action checklist --company "Acme Inc" --users 50

# Generate DNS records configuration
python scripts/tenant_setup.py --action dns --domain acme.com

# Generate security baseline script
python scripts/tenant_setup.py --action security-baseline
```

---

Workflows

Workflow 1: New Tenant Setup

Step 1: Generate Setup Checklist

```bash
python scripts/tenant_setup.py --action checklist --company "Company Name" --users 100
```

Step 2: Configure DNS Records

```bash
python scripts/tenant_setup.py --action dns --domain company.com
```

Step 3: Apply Security Baseline

```bash
python scripts/powershell_generator.py --action audit > initial_audit.ps1
```

Step 4: Provision Users

```bash
python scripts/user_management.py --action provision --csv employees.csv --license E3
```

Workflow 2: Security Hardening

Step 1: Run Security Audit

```bash
python scripts/powershell_generator.py --action audit --output security_audit.ps1
```

Step 2: Create MFA Policy

```bash
python scripts/powershell_generator.py --action conditional-access \
  --policy-name "Require MFA All Users" \
  --require-mfa \
  --include-users "All"
```

Step 3: Review Results

Execute the generated scripts and review the CSV reports in the output directory.

Workflow 3: User Offboarding

Step 1: Generate Offboarding Script

```bash
python scripts/user_management.py --action offboard --user departing.user@company.com
```

Step 2: Execute Script with -WhatIf

```powershell
.\offboard_user.ps1 -WhatIf
```

Step 3: Execute for Real

```powershell
.\offboard_user.ps1 -Confirm:$false
```

Best Practices

Tenant Setup

  1. Enable MFA before adding users
  2. Configure named locations for Conditional Access
  3. Use separate admin accounts with PIM
  4. Verify custom domains before bulk user creation
  5. Apply Microsoft Secure Score recommendations

Security Operations

  1. Start Conditional Access policies in report-only mode
  2. Use the `-WhatIf` parameter before executing scripts
  3. Never hardcode credentials in scripts
  4. Enable audit logging for all operations
  5. Regular quarterly security reviews

PowerShell Automation

  1. Prefer Microsoft Graph over legacy MSOnline modules
  2. Include try/catch blocks for error handling
  3. Implement logging for audit trails
  4. Use Azure Key Vault for credential management
  5. Test in non-production tenant first

Reference Guides

When to Use Each Reference

references/powershell-templates.md
  • Ready-to-use script templates
  • Conditional Access policy examples
  • Bulk user provisioning scripts
  • Security audit scripts
references/security-policies.md
  • Conditional Access configuration
  • MFA enforcement strategies
  • DLP and retention policies
  • Security baseline settings
references/troubleshooting.md
  • Common error resolutions
  • PowerShell module issues
  • Permission troubleshooting
  • DNS propagation problems

Limitations

| Constraint | Impact |
|------------|--------|
| Global Admin required | Full tenant setup needs highest privilege |
| API rate limits | Bulk operations may be throttled |
| License dependencies | E3/E5 required for advanced features |
| Hybrid scenarios | On-premises AD needs additional configuration |
| PowerShell prerequisites | Microsoft.Graph module required |

Required PowerShell Modules

```powershell
Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module ExchangeOnlineManagement -Scope CurrentUser
Install-Module MicrosoftTeams -Scope CurrentUser
```

Required Permissions

  • Global Administrator - Full tenant setup
  • User Administrator - User management
  • Security Administrator - Security policies
  • Exchange Administrator - Mailbox management