Enterprise Microsoft 365 & Active Directory Solution Architect Lab
A flagship 5-day bootcamp and self-paced architect lab for M365, Entra ID, Active Directory, Azure AD Connect or Cloud Sync, Exchange Online and hybrid, Teams, SharePoint, OneDrive, Intune, governance, security, monitoring, troubleshooting, documentation, and M&A tenant migration.
Audience
- M365 platform architects and senior administrators moving into architecture ownership
- Identity, messaging, collaboration, endpoint, security, and migration engineers
- Enterprise teams preparing staff for global M365 and AD/Entra ID ownership
Prerequisites
- Basic Windows Server administration
- Basic Active Directory knowledge
- Basic Microsoft 365 admin center familiarity
- Basic PowerShell knowledge
- Networking and DNS fundamentals
Outcomes
- Design and support an enterprise M365 and AD/Entra ID platform.
- Build and troubleshoot hybrid identity using AD DS, Entra ID, Azure AD Connect, and Cloud Sync patterns.
- Administer and govern Exchange Online, Teams, SharePoint, OneDrive, Intune, compliance, and Copilot readiness.
- Create architecture diagrams, ADRs, SOPs, RCA reports, governance policies, migration plans, and support handoffs.
- Plan and execute tenant-to-tenant migration, domain consolidation, coexistence, cutover, rollback, and hypercare.
Built for enterprise role readiness.
The lab combines real Windows/AD practice with an API-backed simulated M365 tenant. Live Microsoft Graph integration is intentionally isolated behind future adapter points, so no tenant IDs, credentials, or customer secrets are hardcoded.
- dc01: AD DS, DNS, OU, GPO, and validation account
- member01: Windows Server administration and hybrid service simulation
- client01: Windows admin workstation and endpoint workflow
- Simulated Tenant Lab: licensing, users, groups, Exchange, Teams, SharePoint, OneDrive, Intune, compliance
- Student workbook
- RCA report builder
- Governance policy builder
- Tenant migration wizard
- Architecture decision records
- Completion report
- Certificate-ready final assessment
Modules and labs
Each module maps to provisioned lab work, validation evidence, reset/rollback policy, and instructor visibility.
Teams, SharePoint, OneDrive, and Collaboration Governance
Collaboration governance policy buildArchitecture Blueprint and Standards Documentation
Architecture blueprint and standards packageDomain Controller template
definedWindows Server 2022 base
TODO: Automate forest creation and safe random lab password rotation in lab-api worker.
Windows Server 2022 base
definedWindows Server 2022 evaluation or licensed ISO
TODO: Build golden image from valid Microsoft evaluation or customer-licensed media.
Windows 11 client
definedWindows 11 Enterprise evaluation or licensed ISO
TODO: Build desktop image with browser, RSAT, Windows Admin Center tools, and lab wallpaper.
Microsoft 365 simulated tenant layer
definedAPI-backed scenario service with Microsoft Graph adapter interface
TODO: Connect a live Microsoft Graph adapter when customer-owned demo tenants and consent model are available.
AD DS and DNS healthy
Directory services, DNS, and LDAP checks pass inside the tenant network.
Domain joined
Computer account is present and secure channel validates.
Windows management reachable
The student access gateway can open a Windows console session.
Simulated M365 tenant ready
The simulated tenant layer exposes users, groups, licensing, Exchange, Teams, SharePoint, OneDrive, Intune, compliance, and service-health scenarios.
M365 governance policy complete
Governance deliverable covers RBAC, least privilege, audit, retention, DLP, release management, exception handling, and review cadence.
Tenant migration plan complete
Plan includes discovery, identity coexistence, domain consolidation, mailbox and collaboration migration, cutover, rollback, communications, and hypercare.
Architecture package complete
Final package includes current state, risk register, target architecture, identity design, governance model, migration roadmap, monitoring model, RCA, and executive summary.