tmaestrini / easyGovernance

governance and validation for configuration baselines in M365 – made as easy as possible
MIT License

Baseline inventory #4

Closed sympmarc closed 5 months ago

sympmarc commented 6 months ago

I'm curious what your thinking is for different baselines - and where you came up with the M365.SPO-5.2.yml one.

tmaestrini commented 6 months ago

As stated in the README:

Any configuration baseline is considered to reference the baseline suggestions from the Secure Cloud Business Applications (SCuBA) for Microsoft 365 by CISA and the blueprint by oobe.

For the SPO baseline, we went through these documents and have set the parameters accordingly. There is a small difference between the baseline settings and the attributes that you can set through PnP.PowerShell (the Set-PnPTenant cmdlet). Our aim is to deploy any baseline to the tenant without the need of any manual adjustments :)

Feel free to adjust the baseline settings where you don't agree with our suggestion: https://github.com/tmaestrini/easyGovernance/tree/experimental#configuration-baselines

sympmarc commented 6 months ago

Sorry - I had seen that line in the README and promptly forgot I had read it!

Are there other baselines you have in mind? I was thinking we could capture a list of them (though it might be a short list) for later implementation.

tmaestrini commented 6 months ago

Yes, there are other baselines. For the time being, @dako365 and I have worked out the following «approach» which is based on the «Technical Reference Architecture» (TRA) by the SCuBA project. On page 5 you will find the so-called "Business Capabilities", which we have in turn taken as "baselines" for the system and supplemented with the following first two points:

  1. Tenant Setup (actually, Daniel is elaborating the according definitions)
  2. Identity Management
  3. Productivity
  4. Messaging
  5. Content Management (we've assigned SharePoint Online to this pillar – therefore the baseline for SPO is labeled as 5.2 and the one for OD4B as 5.1)
  6. Collaboration
  7. Voice

The baselines can be enhanced / changed anytime! Once the scope is considered complete, we would like to describe them in detail in a separate repo / project.

What do you think of this approach?

tmaestrini commented 6 months ago

@dako365 how is it going with identity management / tenant setup baselines? Maybe we could share another baseline with @sympmarc to get feedback on our elaboration?

sympmarc commented 6 months ago

It occurs to me we should have an "out of the box" baseline. Something I see a lot is an admin spinning up a new tenant and then just changing things to see what happens. An "out of the box" baseline would help us catch those changes - which they often deny doing, or forget they have done.

dako365 commented 6 months ago

@tmaestrini I'm working on it. I think I will upload the first drafts of the baselines for IAM and Tenant at the end of the weekend.

dako365 commented 6 months ago

@sympmarc I often have the same experiences as you. And that's also the basic idea behind the project. Baselines, easy to apply to new tenants and a tool for reviewing existing tenants with recommendations.