STATUS: Active FIELD GUIDES: 20+ PILLARS: 8 TRACKER: Monthly EDITION: 2026.06

Microsoft 365 architecture · Practical field guides

Microsoft 365, without the guesswork.

Practical field guides, decision frameworks and tenant hardening notes for Microsoft 365 administrators, architects and IT leads working with real production environments.

Read the latest field guides → Request a Microsoft 365 tenant review

// Featured · Decision Framework

Microsoft 365 Backup vs Third-Party: 2026 Decision Framework

In 2026, "do I still need a third-party backup tool?" is a serious architectural question. The honest framework: what M365 Backup covers, what it doesn't, and when Veeam, AvePoint or Druva are still the right answer.

📅 2 June 2026 ⏱ 14 min read

Read the framework →

// Browse by pillar

Microsoft Intune 5+

Device management, Defender onboarding, Secure Boot, GPO migration, EPM.

Exchange Online 4+

Mail flow, transport rules, connectors, sending pattern comparison.

Microsoft Teams 2+

Admin and security configurations, governance, meeting controls.

Azure & Entra ID 3+

Conditional Access, Authentication Strengths, Token Protection, B2B.

Security & Compliance 4+

Defender, Purview, sensitivity labels, backup decision frameworks.

Scripts & Automation 2+

Microsoft Graph PowerShell, tenant inventory automation patterns.

Microsoft 365 Copilot 3+

Copilot readiness, SharePoint Advanced Management, Agent 365.

Monthly Updates Live

Curated monthly tracker: 30 items per edition with impact badges.

🚀

Microsoft Intune & endpoint management. Defender for Endpoint onboarding, Secure Boot 2026 certificate transition, Group Policy to Intune migration, Endpoint Privilege Management deployment patterns.

📧

Exchange Online mail flow & security. Transport rule patterns, mail flow decision builder, SMTP AUTH / HVE / Graph / ACS sending pattern comparison, connector audit checklists.

🔐

Microsoft Entra & identity hardening. Token Protection in Conditional Access, Authentication Strengths and phishing-resistant MFA migration, sign-in log troubleshooting.

🛡

Security & compliance posture. Sensitivity labels governance, Microsoft 365 Backup vs third-party decision framework, Defender XDR, Purview retention strategy.

🤖

Microsoft 365 Copilot & Agent 365. SharePoint Advanced Management for Copilot readiness, Agent 365 admin field guide, governance of AI agents in the tenant.

📅

Monthly Microsoft 365 tracker. One curated edition per month: 30 items across the workloads with impact badges, source links and the next-month preview.

Latest field guides

Recent practical guides on tenant operations, security and architecture. New articles publish roughly weekly.

Microsoft Intune

Secure Boot 2026 Certificate Transition: Field Guide for Windows IT Admins

Microsoft Secure Boot certificates from 2011 begin expiring in June 2026. Inventory, validation, and phased deployment of the 2023 family across endpoints and servers.

📅 26 May 2026 ⏱ 16 min read

Microsoft Intune

Group Policy to Intune Migration Guide 2026: Inventory, Mapping and Cutover

GPO to Intune migration is a tool swap on the slide and an architecture change in the room. Realistic readiness path with phasing, cutover and operating model.

📅 21 May 2026 ⏱ 22 min read

Security & Compliance

Sensitivity Labels Decision Builder 2026: Classification Is Governance, Not Just Marking

Interactive guide to designing a sensitivity label strategy: taxonomy, file vs container labels, encryption, auto-labeling, DLP integration and Copilot readiness.

📅 13 May 2026 ⏱ 18 min read

Exchange Online

Exchange Online Mail Flow Decision Builder: Rules, Connectors and Sending Patterns for 2026

Interactive decision builder, recommended patterns for 16 real-world scenarios, SMTP AUTH / HVE / Graph / ACS comparison, and the dangerous bypass rules to fix.

📅 6 May 2026 ⏱ 20 min read

Exchange Online

Exchange Online Transport Rules: Real-World Patterns That Actually Work in Production

Baseline rules most tenants need, external sender tagging, disclaimers, security patterns, the AND/OR condition trap, priority logic, and a 14-point audit checklist.

📅 24 April 2026 ⏱ 19 min read

Monthly Updates

Microsoft 365: May 2026 Recap and What to Watch in June

30 items across Intune, Exchange, Entra ID, Defender, Purview and Copilot — with impact badges, source links, and the June preview tracker.

📅 21 May 2026 ⏱ 12 min read

Monthly Microsoft 365 tracker

One post per month. Thirty Microsoft 365 items across Intune, Exchange Online, Entra ID, Defender, Purview and Copilot, each scored with an impact badge and linked to its Microsoft Learn or Microsoft 365 Roadmap source.

📝

Latest edition: Microsoft 365 May 2026 Recap and What to Watch in June — 30 items, full source linking, June preview included.

About this site

I'm Tiago S. Carvalho, a Microsoft 365 architect and consultant. I work with organisations to audit, harden and modernise Microsoft 365 tenants — from Intune device management to Exchange Online mail flow, Entra ID Conditional Access, Defender, Purview and Copilot readiness. The field guides on this site are the realistic operational notes from those engagements.

If your tenant has an upcoming assessment, a security posture review, a phishing-resistant MFA rollout, or a Copilot readiness conversation on the calendar — that is the work I do.

📧

Get the monthly tracker in your inbox. New field guides as they publish, plus the monthly Microsoft 365 roundup. No marketing, no noise. Subscribe to the newsletter.

Need a second pair of eyes on your Microsoft 365 tenant?

I help organisations review, harden and modernise Intune, Exchange Online, Entra ID, Defender, Purview and Copilot readiness.

Get in touch