Audit MFA Registration in Microsoft 365
Review which users have authentication methods registered before assuming MFA coverage is handled.
Example playbook / Read-only / Validation pending
Read playbook →Review before you act
Practical Microsoft 365 security, PowerShell, and automation playbooks for admins who want safer tenant visibility before making changes. These notes come from repeated admin patterns, troubleshooting habits, and the kind of checks I want in front of me before touching a tenant.
Every playbook is read-only: connect, collect, export, review. No tenant changes.
Start here
Review which users have authentication methods registered before assuming MFA coverage is handled.
Example playbook / Read-only / Validation pending
Read playbook →Find mailbox forwarding that may send mail outside the organization and prepare it for careful review.
Example playbook / Read-only / Validation pending
Read playbook →Export privileged Entra role membership before making security or access policy changes.
Example playbook / Read-only / Validation pending
Read playbook →Why I am building this
Policies, licenses, forwarding rules, roles, guest access, and security settings all pile up over time. SecureOps Playbooks is my attempt to turn repeated admin checks into clear, reusable workflows that help people understand what they are looking at before they change anything.
What makes these playbooks different?
Every starter playbook collects and exports data. Nothing here asks you to change a tenant as step one.
Each playbook lists the modules and read scopes it expects, so you can review consent before connecting.
You see the export columns and what each one means before you run anything.
Exports and review notes are designed to be attached to a ticket, change record, or handoff document.
Written for inherited tenants and half-documented environments, not perfect lab conditions.
Every check covers what it proves, what it does not prove, and what to verify before acting.
PowerShell resources
How the examples connect with Connect-MgGraph, which scopes they request, and why interactive consent comes first.
Consistent, sortable exports with review-note columns, so results can be documented and compared later.
Each playbook names the read permissions it relies on, so you can validate least privilege before running it.
Field Notes
The thinking behind every playbook on this site: collect, export, and understand before anything in the tenant changes.
Read the note →Shorter than a playbook, longer than a tweet: notes on Microsoft 365 admin work, PowerShell habits, and what building this library is teaching me.
Browse all field notes →Also in the works
A searchable desktop library of 117 ready-to-run admin scripts — tenant profiles, quick-fill variables, preview-first defaults, and run confirmations for anything that changes a tenant. Launching soon.
The same desktop app, free — limited to 15 read-only reporting scripts: tenant summary, MFA status, admin roles, guest users, external forwarding, and more. Run your first tenant review today.
SecureOps Dispatch
Weekly or occasional practical updates with Microsoft 365 checks, PowerShell notes, security review workflows, and lessons from building repeatable admin processes.