A14 ‐ Start monitor tenant health as‐a‐code configuration - dcasota/m365-scripts GitHub Wiki

Microsoft Adoption Score supports an organization's journey to digital transformation. Microsoft Adoption Score provides metrics, insights, and recommendations in two areas:

  • people experiences
  • technology experiences

See https://learn.microsoft.com/en-us/training/modules/manage-tenant-services-microsoft-365/3-monitor-tenant-health-use-adoption-score .

Attributes of a well‐designed Microsoft Entra tenant

The following section is adapted from https://learn.microsoft.com/en-us/training/modules/configure-microsoft-365-experience/2-explore-your-microsoft-365-cloud-environment with additional information of my own.

Organizations that plan to synchronize identities between their on-premises directory service and Microsoft 365 must ensure that their Microsoft Entra ID deployment is configured correctly. See the checklist at https://learn.microsoft.com/en-us/training/modules/prepare-synchronization-microsoft-365/2-plan-microsoft-entra-deployment.

  • Phase 1: Build a foundation of security
  • Phase 2: Import users, enable synchronization, and manage devices
  • Phase 3: Manage applications
  • Phase 4: Audit privileged identities, complete an access review, and manage user lifecycle

See the Security rapid modernization plan https://learn.microsoft.com/en-us/security/privileged-access-workstations/security-rapid-modernization-plan.

An organization that properly designs and manages these elements ensures that its user experiences with cloud productivity apps—such as Microsoft Teams and Exchange Online—are effective, secure, and performant.

An organization must properly configure and manage the following elements for their Microsoft Entra tenant:

  1. The correct set of products (subscriptions) and licenses.

    • The set of products match its business, IT, and security needs.
    • There's an adequate number of licenses for its workers and anticipated changes in staffing.
  2. For networking:

    • It configured the correct DNS domain names.
    • For enterprise networks, it optimized network traffic to the Microsoft network for onsite workers.
    • It optimized network traffic for remote workers who use a VPN client.
  3. If it has an on-premises Active Directory Domain Services (AD DS) forest, it synchronized accounts, groups, and other objects:

    • It mapped its Microsoft Entra tenant accounts to Exchange Online mailboxes with the correct DNS domains for email addresses.
    • It assigned its user accounts the correct licenses from the correct purchased products (such as Microsoft 365 E3 or E5).
  4. It configured strong identity and access management.

    • It requires secure user sign-in with passwordless or multifactor authentication (MFA).
    • It created Conditional Access policies that enforce sign-in requirements and restrictions for higher levels of security.
  5. It either migrated on-premises Office servers and their data to cloud apps, or it deployed that data in a hybrid configuration.

  6. It performs device management with Intune or Basic Mobility and Security built into Microsoft 365.

    • It enrolls and manages organization-owned devices.
    • It manages apps for personal devices.
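The phases and the six elements above are a checklist; the "as-a-code" part of this page is turning that checklist into something that runs on a schedule. The script below is an added example and not code from the Microsoft training module or from the m365-scripts repository. It uses read-only Microsoft Graph PowerShell SDK cmdlets to check license headroom (element 1), custom domain verification (element 2), the age of the last Entra Connect sync (element 3), an enforced Conditional Access policy requiring MFA plus MFA registration of admins (element 4 and Phase 1), and Intune device compliance (element 6). The function name `Invoke-TenantHealthCheck`, the helper `New-CheckResult`, the thresholds, and the permission scopes are my own assumptions; there is no check for element 5 because server migration state is not exposed by a single Graph query. Run it as a Global Reader (or an equivalent read-only role).

```powershell
# Added example: "tenant health as code" checks mapped to the element list above.
# Not part of the original page or the m365-scripts repo. Cmdlet names are from the
# Microsoft.Graph SDK; thresholds, function names and scopes are assumptions.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Reports, Microsoft.Graph.DeviceManagement

function New-CheckResult {
    param([string]$Area, [string]$Check, [bool]$Passed, [string]$Detail)
    [pscustomobject]@{
        Area   = $Area
        Check  = $Check
        Status = $(if ($Passed) { 'PASS' } else { 'FAIL' })
        Detail = $Detail
    }
}

function Invoke-TenantHealthCheck {
    param(
        [int]$MinFreeLicensePercent = 5,   # assumption: headroom for anticipated staffing changes
        [int]$MaxSyncAgeHours       = 3    # assumption: Entra Connect default cycle is 30 minutes
    )

    # Read-only scopes (my understanding of the least-privileged set for these queries).
    Connect-MgGraph -NoWelcome -Scopes 'Organization.Read.All','Domain.Read.All','Policy.Read.All',
        'AuditLog.Read.All','UserAuthenticationMethod.Read.All','DeviceManagementManagedDevices.Read.All'

    $results = [System.Collections.Generic.List[object]]::new()

    # 1. Licenses: fail on over-consumed SKUs or SKUs with too little headroom.
    foreach ($sku in Get-MgSubscribedSku) {
        $enabled  = $sku.PrepaidUnits.Enabled
        $consumed = $sku.ConsumedUnits
        if ($enabled -eq 0) { continue }   # skip free/trial SKUs with no prepaid units
        $freePct = [math]::Round(100 * ($enabled - $consumed) / $enabled, 1)
        $results.Add((New-CheckResult 'Licensing' "SKU $($sku.SkuPartNumber) headroom" `
            ($consumed -le $enabled -and $freePct -ge $MinFreeLicensePercent) `
            "$consumed of $enabled used ($freePct% free)"))
    }

    # 2. DNS domains: every custom domain must be verified; an unverified domain cannot
    #    carry UPNs or mail addresses and usually means onboarding was left half done.
    foreach ($d in Get-MgDomain -All | Where-Object { $_.Id -notlike '*.onmicrosoft.com' }) {
        $results.Add((New-CheckResult 'Networking' "Domain $($d.Id) verified" `
            $d.IsVerified "AuthenticationType=$($d.AuthenticationType)"))
    }

    # 3. Directory synchronization: if sync is enabled, the last cycle must be recent.
    $org = Get-MgOrganization | Select-Object -First 1
    if ($org.OnPremisesSyncEnabled) {
        $age = [datetime]::UtcNow - $org.OnPremisesLastSyncDateTime.ToUniversalTime()
        $results.Add((New-CheckResult 'Synchronization' 'Last Entra Connect sync is recent' `
            ($age.TotalHours -le $MaxSyncAgeHours) "last sync $($org.OnPremisesLastSyncDateTime)"))
    }

    # 4. Identity and access: an *enabled* (not report-only) Conditional Access policy
    #    that grants access only with MFA and targets all users.
    $mfaForAll = @(Get-MgIdentityConditionalAccessPolicy -All | Where-Object {
        $_.State -eq 'enabled' -and
        $_.GrantControls.BuiltInControls -contains 'mfa' -and
        $_.Conditions.Users.IncludeUsers -contains 'All'
    })
    $results.Add((New-CheckResult 'Identity' 'Enabled CA policy requiring MFA for all users' `
        ($mfaForAll.Count -gt 0) `
        $(if ($mfaForAll.Count -gt 0) { $mfaForAll.DisplayName -join ', ' } else { 'none' })))

    #    Privileged accounts must actually be registered for MFA, not just targeted by policy.
    $adminsNoMfa = @(Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
        Where-Object { $_.IsAdmin -and -not $_.IsMfaRegistered })
    $results.Add((New-CheckResult 'Identity' 'All admins registered for MFA' `
        ($adminsNoMfa.Count -eq 0) "$($adminsNoMfa.Count) admin(s) without MFA registration"))

    # 6. Device management: every Intune-managed device should be compliant.
    $devices      = @(Get-MgDeviceManagementManagedDevice -All)
    $nonCompliant = @($devices | Where-Object { $_.ComplianceState -ne 'compliant' })
    $results.Add((New-CheckResult 'Devices' 'All Intune-managed devices compliant' `
        ($nonCompliant.Count -eq 0) "$($nonCompliant.Count) of $($devices.Count) non-compliant"))

    Disconnect-MgGraph | Out-Null
    return $results
}

# Usage: print the report and return a non-zero exit code so a scheduled job or
# pipeline stage turns red when any check fails.
$report = Invoke-TenantHealthCheck
$report | Format-Table -AutoSize
if ($report.Status -contains 'FAIL') { exit 1 }
```

The Conditional Access check deliberately ignores policies in the `enabledForReportingButNotEnforced` state: report-only policies log what would have happened but enforce nothing, so they do not satisfy element 4. Thresholds such as 5% license headroom and a 3-hour sync age are starting points to adjust per tenant.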
