Identity - Deployment Guide checklist

2025-08-22

Identity creation includes user provisioning, authentication, permissions, global administration accounts, groups, and applications used to manage internal and external accounts.

Products

Microsoft 365 A1
Microsoft Entra ID

Options

Microsoft Entra ID P1
Microsoft Entra ID P2

Deployment guide steps

Review identity terms

	Step
☐	Identity management and access types
	╶ Types of identity management systems (IdM)
	╶ Types of identity access management systems (IAM)

Microsoft Entra Basic

	Step
☐	Initial configuration steps for Microsoft Entra ID - Basic
☐	On-premises and hybrid considerations
☐	User and group provisioning
☐	Multifactor authentication and conditional access
☐	Identity governance
☐	Event logging and reporting
☐	Deploy Devices
	╶ Automatic Intune enrollment via Microsoft Entra Join

Identity applications

	Step
☐	Applications
	╶ Deploy parent contacts
☐	App Security
	╶ Block user consent apps

Operations

	Step
☐	Block Microsoft 365 Group, SharePoint site, Teams creation for Students
☐	Restrict access to Microsoft Entra Admin Center
☐	Deploy administrative units
☐	Deploy education attributes like user role, grade, school ID

Identity lifecycle

	Step
☐	Develop inactive and departed user cleanup strategy

Security identity

	Step
☐	Security defaults
☐	Block legacy authentication or disable basic authentication in exchange
☐	Deploy at least one more global account admin
☐	Only use admin accounts for admin purposes
☐	Set passwords to never expire
☐	Enable teachers or school admins to reset student passwords
☐	Disable MFA registration campaigns
☐	Require and train all users on healthy password formation and use
☐	Restrict end users from creating security groups
☐	Deploy age groups and consent status
☐	Deploy security groups

Access controls

	Step
☐	Configure external guest user access and invitation

Next steps

Next step will be Identity Types

Next: Identity Types>