Provision a brand-new company with proper defaults in Windows, Office365, and Azure.
OrgKit is designed to provide a series of templates to "boot-up" a new highly-documented IT environment for a mid-size organization, serve as a public example of what's possible, be a gold-standard implementation, and allow informed decisions by companies who do not know what's really done by other businesses.
The specific target is a company having to start-over after a complete network compromise, or the spin-up of a new subsidiary business.
If you want to jump ahead, here's some of the work I will be citing in addition to my own, and which you can go ahead and use yourself
- Center for Internet Security baselines
- PAW by Rich "unassassinable"
- win10-secure-baseline-gpo by Maxim Khitrov "mxk"
- Win10-Initial-Setup-Script by "Disassembler0"
- awesome-windows-domain-hardening by "PaulSec"
- Windows-Secure-Host-Baseline by The NSA
- windows-event-forwarding by Palantir
It's important to note that the reason a comprehensive repository of Microsoft product configuration guidance for organizations is so rare is because the entire ecosystem is designed to be customized per-organization. However, most organizations are not equipped nor understand the breadth of what this really means. This divergent configuration history of their customers, along with fears about having to support it, then prevents Microsoft providing strong defaults and guidance in a generic form.
Strictly, Powershell DSC is the correct tool to build and maintain a Windows environment with this level of centralized design and vision. It is a great set of abilities, and it will likely be included in the future. However, this project is aimed at Windows administrators who will already be intimidated by the breadth of new technologies and concepts, and need to run the system over a long-term with other staff.
Powershell DSC is currently a specialized skill designed to revert anything done outside its central control. It requires whole-organization buy-in, and for that reason, the kind of use-cases for this set of guidance cannot rely on it.
None of this project is sold as unique work or groundbreaking. Where possible, it will reference the existing work of others, or heavily credit them in adaptation - with their permission. Many IT organizations have a set of capabilities similar to this. They press a button and can build an entire company, just like this. However, it is proprietary work product their staff cannot publicly share. This is intended to remediate that.