Playbooks: overview

  • Last update on September 6th, 2023

By implementing playbooks, you can ensure your policies are continuously enforced. This powerful tool allows you to maintain a secure, productive, and cost-effective Microsoft 365 environment. Learn how to execute your playbooks for maximum effectiveness, how to integrate them into a continuous compliance process, and how to configure them to match your organization's needs.

Why playbooks?

Regulations and standards require organizations to implement a continuous compliance process to ensure ongoing identification, assessment, and mitigation of risks to protect sensitive data and maintain regulatory compliance effectively.

Through playbooks, you can stay compliant with the most critical regulations, standards, and guidelines or best practices such as GDPR, HIPAA, PCI, ISO, FISMA, SOX, NIST, and more.

Playbooks can also be implemented to match your organization’s unique internal policies.

What are playbooks?

Each playbook is a collection of policies related to a known set of circumstances or areas, such as:

  • Identity
  • Membership and permission
  • License
  • Configuration
  • Collaboration and governance

For example:

  • Identity playbooks contain policies that detect users and admins without MFA and enable it.
  • License playbooks contain policies that help you reclaim assigned but unused licenses.
  • Configuration playbooks contain policies that help you identify and disable exchange forwarding.

How do policies work?

Each policy is configured to detect and alert admins about events that do not comply with a rule. And if needed, it can also remediate them.

Let’s see a few examples:

The rule says… The policy discovers… The  executes the following remediation:
All administrators must have MFA enabled. All administrators who do not have MFA enabled. Enable MFA for those administrators.
A license unused for over 90 days should be reclaimed. All assigned licenses inactive in the last 90 days.

A multiple-step process that might include:

  1. Asking for manager approval.
  2. Archive or convert to shared mailbox and change OneDrive owner.
  3. If needed, remove the license.
All salespeople must join the “Sales Enablement Group”. All salespeople who are not members of the group. Add the users as members of the group.