Out-of-the-box playbooks: introduction

  • Last update on March 19th, 2024

Table of Contents

Out-of-the-Box playbooks are pre-configured collections of policies that are beneficial to any organization. They are flexible, best-practice templates that automatically detect and resolve issues in your Microsoft 365 environment. With these playbooks, you can easily stay ahead of policy violations and compliance issues, ultimately enhancing your security, cost-effectiveness, and productivity without the need for lengthy implementation processes.

When to use them

If you're unsure about which policies to manage, Out-of-the-box playbooks offer a great starting point.

These ready-to-use solutions can be quickly and easily implemented, providing you with flexible templates based on industry best practices.


Security & Identity

These policies allow you to implement components to develop a comprehensive security strategy. They are a simple and effective solution for enhancing security, particularly in protecting sensitive information against attacks such as phishing, brute force, and other forms of unauthorized access, preventing account takeovers, and increasing security for cloud-based services.

  • User without MFA
  • Admin without MFA
  • Users without default MFA method
  • Admin on cloud without strong password 
  • Inactive last 60 days but not blocked Users
  • Inactive Guests in the last 90 days
  • Admin with password not changed in the last 90 days

Teams management

Microsoft Teams has the potential to grow out of control easily and quickly.

From a security perspective, new teams and channels can be created effortlessly, files and other data can be added without ensuring proper user access, guest users can be added indefinitely, and there is little motivation to clean up unused resources.

Moreover, from a productivity standpoint, the accumulation of files and data in Teams can make it challenging for employees to locate the correct and most relevant information.

Teams policies provide recommended practices to enhance both security and productivity.

  • Empty Teams Groups
  • Inactive Teams Groups
  • Inactive Guest Users in the last 90 days
  • External User(s) in security groups
  • External User(s) in Microsoft 365 Groups
  • Teams Groups with Guest Users
  • Teams Channels with External UsersTeams with Guest Users
  • Teams with guest users that have a certain sensitivity label
  • Inactive Teams users with 'Audio conferencing' license

License management

These policies provide recommended practices for identifying and preventing license waste, while also ensuring the protection of valuable data.

  • Inactive Office 365:
    E1, E3, E5, F3, G1, G3, G5 Plans
  • Inactive Microsoft 365:
    E3, E5, F1, F3, F5 Plans
  • Licenses Assigned to Guest Users
  • Licenses Assigned to basic Shared Mailboxes
  • Unused Teams Audio conferencing license
  • Unused Teams Voice license (PSTN)
  • Disabled Users with Assigned Licenses

SharePoint & OneDrive Management policies

These policies aid in data security and compliance. They help manage inactive sites, control sharing, set link expiration policies, and monitor external file sharing. They underscore the need for regular alerts and reports for informed decision-making.

  • Inactive SharePoint sites
  • SharePoint sites with anonymous sharing
  • SharePoint sites with anonymous sharing and a certain sensitivity label
  • SharePoint sites with anonymous sharing and no expiration policy
  • SharePoint sites with external sharing and no expiration policy
  • SharePoint sites with files shared externally
  • SharePoint external invitations alert
  • OneDrive with files shared externally

Exchange Management policies

The Exchange Management Out-of-the-Box policies offer a comprehensive set of remediation actions and configurable settings aimed at optimizing mailbox management and enhancing data security.

  • Distribution Groups with Owners
  • Inactive Shared Mailboxes
  • Mailboxes Over Prohibit Send/Receive Quota %
  • Mailboxes Over Warning Quota
  • Mailboxes with Audit Disabled
  • Mailboxes with External Forwarding
  • Shared Mailboxes with Unblocked Credential
  • Shared Mailboxes without Delegation
  • Unlicensed Shared Mailbox Approaching 50GB Limit
  • Users without Litigation Hold