SecureOps Playbooks logoSecureOps Playbooks

Review before you act

Run Microsoft 365 with fewer clicks, fewer mistakes, and better scripts.

Practical Microsoft 365 security, PowerShell, and automation playbooks for admins who want safer tenant visibility before making changes. These notes come from repeated admin patterns, troubleshooting habits, and the kind of checks I want in front of me before touching a tenant.

Every playbook is read-only: connect, collect, export, review. No tenant changes.

Start here

Three checks worth running before bigger tenant changes.

IdentityRisk: Medium

Audit MFA Registration in Microsoft 365

Review which users have authentication methods registered before assuming MFA coverage is handled.

Example playbook / Read-only / Validation pending

Read playbook →
ExchangeRisk: High

Find External Mailbox Forwarding in Exchange Online

Find mailbox forwarding that may send mail outside the organization and prepare it for careful review.

Example playbook / Read-only / Validation pending

Read playbook →
IdentityRisk: High

Review Privileged Role Assignments in Entra ID

Export privileged Entra role membership before making security or access policy changes.

Example playbook / Read-only / Validation pending

Read playbook →
See all playbooks, including what is planned next →

Why I am building this

Microsoft 365 admin work can get messy fast.

Policies, licenses, forwarding rules, roles, guest access, and security settings all pile up over time. SecureOps Playbooks is my attempt to turn repeated admin checks into clear, reusable workflows that help people understand what they are looking at before they change anything.

What makes these playbooks different?

Review before you act.

Read-only first

Every starter playbook collects and exports data. Nothing here asks you to change a tenant as step one.

Clear permissions

Each playbook lists the modules and read scopes it expects, so you can review consent before connecting.

Expected output

You see the export columns and what each one means before you run anything.

Change-control friendly

Exports and review notes are designed to be attached to a ticket, change record, or handoff document.

Built for real admins

Written for inherited tenants and half-documented environments, not perfect lab conditions.

Results explained, not just commands

Every check covers what it proves, what it does not prove, and what to verify before acting.

PowerShell resources

Scripts that begin with review, not remediation.

Graph connection patterns

How the examples connect with Connect-MgGraph, which scopes they request, and why interactive consent comes first.

CSV export hygiene

Consistent, sortable exports with review-note columns, so results can be documented and compared later.

Scope and permission notes

Each playbook names the read permissions it relies on, so you can validate least privilege before running it.

Field Notes

Periodic notes from the admin side of the keyboard.

Field note

Why read-only checks come before tenant changes

The thinking behind every playbook on this site: collect, export, and understand before anything in the tenant changes.

Read the note →

Shorter than a playbook, longer than a tweet: notes on Microsoft 365 admin work, PowerShell habits, and what building this library is teaching me.

Browse all field notes →

Also in the works

Two tools built on the same playbooks.

Paid toolkitLaunching soon

SecureOps Script Library for Microsoft 365

A searchable desktop library of 117 ready-to-run admin scripts — tenant profiles, quick-fill variables, preview-first defaults, and run confirmations for anything that changes a tenant. Launching soon.

See the Script Library
Free downloadAvailable now

Script Library LITE

The same desktop app, free — limited to 15 read-only reporting scripts: tenant summary, MFA status, admin roles, guest users, external forwarding, and more. Run your first tenant review today.

Download LITE (free)

SecureOps Dispatch

Field notes for Microsoft 365 admin work.

NewsletterLaunch updates

Weekly or occasional practical updates with Microsoft 365 checks, PowerShell notes, security review workflows, and lessons from building repeatable admin processes.