Setting up exchange server cluster with backups, OWA webmail behind reverse proxy doing IPS+SSO+ MFA, setting up DKIM, DMARC and SPF for this server / testdomain.
Windows PKI using offline and issuing CA. Using these certificates for 802.1x auth.
Hardening Windows Active Directory, setting up LAPS, enforcing TLS where possible, restricting service accounts etc.
Using Azure AD for SAML SSO to where possible. Using JIT or SCIM prorvisioning for accounts. Access roles from groups etc.
Setting up Intune managed workstations with device complience policies and using these policies in conditional access policies.
Setting up exchange server cluster with backups, OWA webmail behind reverse proxy doing IPS+SSO+ MFA, setting up DKIM, DMARC and SPF for this server / testdomain.
Windows PKI using offline and issuing CA. Using these certificates for 802.1x auth.
Hardening Windows Active Directory, setting up LAPS, enforcing TLS where possible, restricting service accounts etc.
Using Azure AD for SAML SSO to where possible. Using JIT or SCIM prorvisioning for accounts. Access roles from groups etc.
Setting up Intune managed workstations with device complience policies and using these policies in conditional access policies.
So yeah mostly Windows stuff.