Home Modern Workplace Mastery Welcome to Modern Workplace Mastery – and to CalderCloud Co
Illustration of a diverse team in a calm modern digital workspace, with a stylised valley and cloud representing CalderCloud Co and the Modern Workplace Mastery series.

Welcome to Modern Workplace Mastery – and to CalderCloud Co

Modern Workplace Mastery is a narrative series that follows a fictitious-but-realistic organisation, CalderCloud Co, as we design, build and evolve a Microsoft 365 modern workplace that is secure, sustainable and mentally healthy – from the very first tenant decision.

Table of Contents

TL;DR – What Modern Workplace Mastery & CalderCloud Co Are All About

This TL;DR gives you a quick, friendly overview of what Modern Workplace Mastery is really about and why CalderCloud Co exists at the heart of it.

 

CalderCloud is a completely fictitious organisation – much like Microsoft’s Contoso – but its pressures are very real: messy tools, data leaks, productivity black holes and people quietly burning out. It’s our safe test bed for showing how a global company can hit reset and build a Microsoft-first modern workplace properly, in the open.

 

In the following slides, you’ll see the core story, the ethos (Understand → Evolve → Transform), the five non-negotiables that shape every decision, and how Topic 1 – Microsoft 365 tenant foundations – will unfold.

 

The aim is simple: you should be able to mirror this journey in your own tenant or dev environment, learning from CalderCloud’s choices without exposing any real organisation or real people, and without wading through yet another pile of shallow “how-to” snippets.

What is Modern Workplace Mastery?

A Microsoft 365 series following one fictitious organisation, CalderCloud Co. Focusing on architecture, governance, automation and mental health - not just buttons. Grounded in current Microsoft guidance and trusted community knowledge. Designed so you can mirror or adapt the journey in your own tenant.

Who is CalderCloud Co?

A fictitious department inside a larger global company, created after years of messy tooling and incidents. Mandate: design and run a Microsoft-first modern workplace for the group. Behaves like a real UK SME: finite budget, mixed skills, real regulation and time pressure. Used as a safe, public teaching tenant – no real customer data, all characters fictional.

The Ethos: Understand → Evolve → Transform

Understand – goals, constraints, history, risks and human realities. Evolve – improve existing processes with sensible Microsoft 365 changes. Transform – only when foundations are solid and people are on board. Avoids big-bang “transformations” that look good in slides and terrible in real life.

Five Non-Negotiables for Any Tenant

Clear tenant ownership and simple governance for change. Identity and access deliberately designed in Entra ID, with MFA and Conditional Access as baseline. Devices treated as first-class citizens via Intune and realistic policies. Users and communication patterns considered, not assumed. Mental health and sustainability treated as constraints, not nice-to-haves.

Topic 1: Microsoft 365 Tenant Foundations

Focus on domains, naming, licences and initial Entra ID decisions. Early choices about admin roles, support models and tenant branding. Baseline security posture: security defaults, Baseline Security Mode or Conditional Access. Shows the “foundations workshop” with CalderCloud leadership and IT.

How to Use This Series Yourself

Mirror CalderCloud’s steps in a dev tenant as a lab. Apply patterns and guardrails to production with local adjustments. Share relevant sections with staff, leadership and technical teams. Use artefacts (scripts, checklists, TL;DR cards) in your own documentation.

Intent and Next Steps

This series is not a sales funnel or a takedown of anyone else’s content. Purpose: educate, share knowledge, reduce confusion, raise the quality bar. Personal goal: help enough people, deeply enough, to earn MVP consideration. Next: Topic 1 posts on Microsoft 365 tenant foundations - start there if you’re ready to build along with CalderCloud Co.

What Modern Workplace Mastery Is (and Isn’t)

Let’s start with the obvious question:

 

What exactly is Modern Workplace Mastery?

 

It’s not another series of disconnected “how do I” or “click this button in admin centre X?” posts. We have enough of those, and half of them are out of date by the time you bookmark them. It’s not a thinly veiled sales funnel, and it’s not pretending that every organisation is an enterprise with a limitless E5 budget and a 20-person IT team.

 

Modern Workplace Mastery is a long-form narrative journey about doing Microsoft 365 properly in the real world.

It’s built around:

  • A single fictitious but realistic organisation, CalderCloud Co, acting as our teaching tenant (much like Microsoft’s Contoso).

  • A focus on architecture, governance, automation and mental health, not just features.

  • Guidance that tracks modern Microsoft 365 best practices – tenant management, security baselines, identity and device design – while translating them into something humans can read and implement.

 

Everything you see here is grounded on my personal experience – 30+ years in IT, in official Microsoft documentation, modern experienced – tried and tested – deployment guides, and battle-tested community knowledge and similar resources.

But you will also see something that’s often missing: the messy bits – the trade-offs, half-steps, “we’ll park that for phase two” decisions, conflicting requirements and the emotional weight of working in complex systems.

 

If you follow along, you should be able to:

  • Mirror this journey in your own production tenant (carefully and after testing),

  • Or practice the same decisions and patterns in your own developer / test tenant,

  • Without needing to guess what’s happening behind the scenes.

Meet CalderCloud Co: Our Fictitious, Real Organisation

CalderCloud Co didn’t appear out of nowhere. Behind it sits a larger, unnamed global organisation that looks suspiciously like many real companies: multiple regions, overlapping tools, a mixture of home-grown and SaaS systems, and a long history of “just make it work” decisions that nobody ever had time to revisit.

 

Over the last few years, that organisation has experienced:

  • Data leaks and near misses that shook confidence.

  • Frustrated staff juggling too many collaboration tools.

  • Lost documents and half-migrated content scattered across old file shares, cloud storage and personal devices.

  • A rising tide of support tickets and quiet burnout in the IT team.

Eventually, leadership reached a point we’re starting to see more often in real tenants:

 

“We cannot keep piling new tools on top of old problems. We need a clean, modern, Microsoft-first foundation and we need to do it properly.”

 

Rather than spinning up yet another “Project Phoenix” that disappears in a year, the group created a new internal department with a very specific mandate:

 

CalderCloud Co – to design, build and run a Microsoft-first, cloud-first modern workplace for the whole business, and to turn that approach into something that could be reused with customers in future.

 

CalderCloud Co is the public teaching face of that internal initiative – a fictitious SME-sized slice of the wider group that we can safely model in public without revealing any real customer data, contracts or secrets. It behaves like a real UK SME:

  • Sensible but not infinite budgets.

  • A small but capable IT function, wearing far too many hats.

  • Regulatory pressures and safeguarding responsibilities that actually matter.

  • Staff with mixed levels of digital confidence and patience.

On day one (today) of this series, we’re effectively sitting down in a foundations workshop with CalderCloud’s leadership and IT team:

  • The global group has said: “We’re standardising on Microsoft 365. We cannot afford a repeat of the past.”

  • CalderCloud has been asked to prove that a well-architected Microsoft 365 tenant can reduce risk, improve productivity and make work more sustainable for staff.

  • You come in as a Modern Workplace Architect and Mental Health Advocate, not to perform magic, but to make the decisions visible, explainable and repeatable.

 

Every name, character and internal story in this series is fictitious. That’s deliberate. It means anyone can safely mirror the decisions in their own environment – whether you’re running a school, an SME, a charity or a developer tenant you use for learning. The patterns, risks and choices we’ll explore are the part that’s real.

Show a stylised valley landscape with a modern office building labelled conceptually as CalderCloud Co (no text), sitting in a calm digital “cloud” environment above.

The Rules of the Game: Fiction, Reality and How to Follow Along

Because this is a public series, we need a few ground rules out in the open.

 

What’s fictional:

  • CalderCloud Co as a legal entity.

  • The global group’s name and specific history.

  • All characters, job titles and individual stories (except me).

 

What’s very real:

  • The Microsoft 365 platform, features and admin experiences.

  • The architectural patterns, security and compliance requirements.

  • The identity and device building blocks in Entra ID and Intune.

  • The pressure, confusion and mental load that IT teams, staff and leaders feel.

  • The principles and non-negotiables that shape each decision.

You should read every post in this series with the assumption that:

  • You can repeat these steps in your own tenant (production or dev) with sensible adjustments.

  • You may be earlier or later on your own journey -that’s fine; you don’t have to follow step-for-step.

  • You will always be encouraged to test in safe environments first, especially when we get into automation and PowerShell.

This series is not here to sell you consulting hours. It is here to:

  • Educate.

  • Share knowledge you can actually use.

  • Reduce the amount of half-baked or outdated “guides” people have to wade through.

  • Build a public track record of useful, tested work that, yes, I hope will eventually support an MVP nomination – by helping real people, not by shouting the loudest.

My Ethos: Understand → Evolve → Transform

Underneath all the technical detail, Modern Workplace Mastery runs on three verbs:

Understand

Before changing anything in a tenant, we seek to understand:

  • The organisation’s goals and non-negotiables.

  • The regulatory and safeguarding context.

  • The genuine constraints – budget, staff, skills, time.

  • The current toolset and the scars people already carry from past “transformations”.

  • The emotional reality: How burned out are the IT team? How anxious are staff about more change?

Skipping this step is how you end up with beautiful diagrams and miserable humans.

Evolve

Once we understand the landscape, we evolve it:

  • Use Microsoft 365’s strengths – collaboration, identity, device management, automation – to improve what’s there.

  • Focus on baselines and secure-by-default settings first, not every shiny new feature.

  • Keep changes visible, manageable and reversible wherever possible.

  • Move in increments small enough that people can adapt without constantly breaking.

Transform

Only when foundations are solid do we talk about transforming:

  • Re-architecting major processes.

  • Changing how teams work day to day.

  • Introducing higher-order capabilities (e.g. Copilot, advanced analytics, complex automation).

Transformation is not something you buy with a licence; it’s something you earn by laying solid groundwork and involving people in the journey.

 

Five Non-Negotiables Behind Every Tenant

To keep this ethos honest, I work from five non-negotiables. These are not optional extras; they are the minimum bar for calling a Microsoft 365 tenant “well designed”.

Tenant Ownership & Governance

Someone has to own the tenant.

Not “IT”, not “the cloud team”, not “whoever has the global admin account today”. A clear model for:

  • Who is ultimately accountable.

  • How changes are proposed, approved and documented.

  • How admin roles are delegated and rotated.

For CalderCloud Co, we will define that ownership early and live with the consequences, good and bad.

 

Identity & Access Are Designed, Not Assumed

Identity is the front door. If we get it wrong, nothing else matters.

We will:

  • Treat Entra ID as a design surface, not a wizard.

  • Use MFA and Conditional Access as baselines, not exotic add-ons – in line with Microsoft’s own security-defaults and mandatory MFA direction.

  • Document why each policy exists, not just what it does.

Devices Are First-Class Citizens

A tenant is not just accounts and licences – it’s the devices in people’s hands.

For CalderCloud Co we will:

  • Define a realistic Intune strategy that matches their needs and budget.

  • Set baselines and enrolment patterns that protect data without wrecking usability.

  • Keep unmanaged endpoints visible and intentional, not accidental.

Users Are the Point, Not an Afterthought

If our design only looks good in the admin centre, we’ve failed.

We will:

  • Treat staff experience in Outlook, Teams, SharePoint and other apps as a primary success metric.

  • Communicate changes in  a human (not technical) language.

  • Test new patterns with actual users before declaring victory.

Mental Health & Sustainability Are Design Constraints

If the environment quietly burns people out, the architecture is not “good”.

We will:

  • Assume people are already busy and under pressure.

  • Avoid designs that rely on constant heroics from a few individuals.

  • Pay attention to notification load, after-hours expectations and the emotional weight of being “always reachable”.

These five non-negotiables will show up in almost every decision I make for CalderCloud Co. They are not there to make life harder; they are there to keep us honest.

Week 1 Preview: Microsoft 365 Tenant Foundations for CalderCloud Co

The first major topic in the series is Microsoft 365 Tenant Foundations.

 

Think of it as sitting in that first onboarding workshop with CalderCloud’s leadership and IT, working through questions like:

  • What should our primary domain be, and how will that affect email addresses, user logons and external identity?

  • Which licences make sense for CalderCloud’s size, budget and roadmap – without clicking “E5 everything” just because we can?

  • How do we configure tenant branding, support information and sign-in experiences so people know this is their environment and how to get help?

  • Who are our administrators, what roles do they have, and how do we avoid a single point of failure?

  • Should we start with security defaults, Baseline Security Mode or custom Conditional Access and what does “secure by default” look like for a small but serious organisation in late 2025?

Week 1 will not be a single monster post. It will be broken into focused, practical articles that:

  • Show configuration and explain the reasoning.

  • Compare ideal patterns with “we don’t have that licence yet” constraints.

  • Make clear which bits you can safely skip for now, and which bits you absolutely should not.

If we get the foundations right, everything else we do in CalderCloud’s tenant – identity, devices, Outlook behaviour, automation – has a solid place to stand.


How to Use This Series in Your Own Environment

This series is for you if:

  • You run or support a Microsoft 365 tenant for a school, SME, charity or similar.

  • You’re inheriting a tenant and suspect it’s a bit… “creative”.

  • You want to learn Microsoft 365 properly in a dev tenant, not through random one-off tips.

  • You care about the humans at the other end of your diagrams.

Practically, you can:

  • Mirror CalderCloud’s journey step by step in a dev tenant, treating it as a lab.

  • Adapt the patterns in your production tenant, aligning with your own constraints.

  • Share End User sections with staff and IT Lead sections with leadership.

  • Use Sysadmin sections as starting points for your own documentation and runbooks.

And you can do all of that knowing:

  • I’m not here to sell you anything inside this series.

  • I’m not here to drag other businesses or creators.

  • I am here to shine more light on the parts that are usually hidden or glossed over, so more people can build good tenants without guesswork.

If that helps me on the path to becoming a Microsoft MVP one day, great. But the primary goal is simpler: leave the Microsoft 365 world a bit clearer, calmer and kinder than I found it.


What’s Next

From here, we move into the real work:

  • Week 1 posts on Microsoft 365 Tenant Foundations – starting with ownership, admin roles and initial configuration choices – oh yeah and how to create a tenant!!.

  • Then Week 2 on identity, devices, Intune and Entra ID, building on those foundations.

  • Week 3 is where we meet CalderCloud’s first two new starters and watch how their first week using Outlook for the first time ever actually feels.

This is day one. Let’s build something worth living and working in.

 

🧭 Follow the full journey: You’re welcome to follow along quietly, Questions, disagreements and “we tried this and it hurt” stories are all part of the point. You can catch each post right here and can follow along on LinkedIn, Instagram, or Bluesky.

Thank you for joining me on this journey.

 

🔗 SharePointMark – Modern Workplace Mastery

 

#ModernWorkplace #ModernWorkplaceMastery #MentalHealthAtWork