Phase 2: Identity

In Microsoft 365 Enterprise, a well-planned and executed identity infrastructure paves the way for stronger security and access to your productivity workloads and their data only by authenticated users and devices.


If you’ve already deployed an identity infrastructure, please see the identity exit criteria to make sure that you meet the required and optional conditions for Microsoft 365 Enterprise.

Plan and deploy your Microsoft 365 Enterprise identity infrastructure

Before you begin, watch this video for an overview of identity models and authentication for Microsoft 365.

Use the following steps to plan and deploy your new identity infrastructure in the cloud. You can also use these steps to adapt your existing on-premises or hybrid identity infrastructure to work with Microsoft 365 Enterprise.

Plan for users and groups
Secure your privileged identities
Configure hybrid identity
Configure secure user authentication
Simplify access for users
Use groups for easier management

When you've completed these steps, go to the exit criteria for this phase to ensure that you meet the required and optional conditions for Microsoft 365 Enterprise.

Identity and device access recommendations

Microsoft provides a set of recommendations for identity and device access to ensure a secure and productive workforce. For identity, use the recommendations and settings in the following articles along with the steps in this phase:

How Microsoft does Microsoft 365 Enterprise

Learn how IT experts at Microsoft manage identities and secure access.

How Contoso did Microsoft 365 Enterprise

See how the Contoso Corporation, a fictional but representative multi-national business, deployed a hybrid identity infrastructure for Microsoft 365 cloud services.

Next step

Plan for users and groups