Microsoft 365 Architect · Lisboa

Microsoft 365
without the guesswork.

Long-form notes, decision frameworks and interactive tools on Intune, Exchange Online, Defender, Entra ID and Purview — the kind of thing I wish I had read ten years ago.

Start with the latest writing
What I write about

Five workloads, in depth.

I deliberately stay inside the Microsoft 365 stack. Everything here — articles, tools, decisions — comes from production work in these five areas.

01

Microsoft Intune

Compliance, configuration and Autopilot baselines for Windows, macOS, iOS and Android, designed for safe production rollout.

02

Exchange Online

Mail flow, connectors, hybrid design, anti-spoof posture and the SMTP AUTH / HVE / Graph migration story.

03

Entra ID

Conditional Access, identity governance, hybrid identity and privileged access design without breaking your users.

04

Defender for O365

Anti-phishing, Safe Links and Safe Attachments tuned to Standard, Strict or a defensible Custom baseline.

05

Microsoft Purview

DLP, sensitivity labels, retention and audit, turned into something an admin can actually operate day-to-day.

Interactive tools

Decisions, not just documentation.

Each tool runs entirely in your browser. No data is sent anywhere. They exist because clicking through real decisions is faster than reading another reference table.

Intune · Compliance

Compliance Policy Builder

Ten-policy baseline, platform-specific recommendations and a safe rollout sequence for Windows, macOS, iOS/iPadOS and Android.

Open the tool →
Exchange Online · Mail flow

Mail Flow Decision Builder

Sixteen real-world scenarios, SMTP AUTH / HVE / Graph / ACS comparison, dangerous bypass rules to fix and connector review checklists.

Open the tool →
Defender · Email security

Defender for Office 365 Builder

Seven-input scoring engine, Standard vs Strict vs Custom decision framework, persona-based baselines for anti-phishing and impersonation.

Open the tool →
Recent writing

Notes from production tenants.

Long-form, technically credible and free of filler. Written for admins, architects and consultants who own real environments.

Loading

Loading latest articles…

Loading

Loading latest articles…

Loading

Loading latest articles…

All writing →
Colophon

Written by Tiago S. Carvalho.

A Microsoft 365 architect based in Lisbon, mostly working with Intune, Exchange Online, Defender, Entra ID and Purview. I've been doing this for long enough to have opinions about how it should be done.

This site is where I keep notes on what I find: architecture decisions, the things that quietly break in production, and the small tools that came out of doing the work.

If something here is useful, or wrong, or you want to talk about a tenant — write to me.