Why this pillar exists
Microsoft 365 is easy to enable but hard to govern at scale. The goal of this pillar is to keep identity, collaboration, and data controls aligned so security and adoption move together.
Core domains
1) Identity and access
- Entra ID as the control plane
- Conditional Access by risk and role
- Privileged Identity Management (PIM)
2) Collaboration surfaces
- Teams + SharePoint site governance
- External sharing policies
- Site lifecycle management
3) Data protection
- Sensitivity labels and default policies
- DLP aligned to business risk
- Retention for legal and compliance requirements
Architecture priorities
- Governance first: define the rules before enabling features
- Least privilege: reduce broad access and shared ownership
- Visibility: audit access and exposure continuously