Date: 2026-06-05
Last reviewed: 2026-06-15
Purpose
This control document maps public portfolio claims to repository-local Microsoft 365 / Entra proof files. It exists to prevent unsupported public wording from appearing on the portfolio.
Public Microsoft 365 / Entra claims must remain:
- Repository-local.
- Evidence-backed.
- Limited to the proof files listed here.
- Clear about lab scope and documented limitations.
Scope Boundaries
Supported Scope
- Personal Microsoft 365 / Entra cloud administration lab.
- Read-only Microsoft Graph PowerShell evidence capture.
- Tenant inventory review.
- Identity and access review.
- Conditional Access review.
- Security group targeting.
- App governance review.
- License review.
- Sign-in and audit review.
- Admin center evidence.
- Exchange admin center evidence.
- Sanitized exports.
- SHA-256 proof records.
Unsupported Scope
- Production tenant administration.
- Client tenant administration.
- Enterprise impact metrics.
- Managed Intune fleet.
- Full endpoint management.
- Active home lab infrastructure.
- Proxmox, pfSense, VLAN, or AD DS home lab proof inside this Microsoft 365 / Entra proof scope.
- Current SharePoint availability.
Reviewer Notes
- Public claims must be backed by repository-local proof files, not memory, intent, screenshots stored elsewhere, or undocumented prior work.
- Proof files listed here are the claim boundary for the Microsoft 365 / Entra public surface.
- Do not upgrade lab evidence into production, client, enterprise, SOC, uptime, or business-impact language.
- Do not use Microsoft 365 / Entra proof to support Proxmox, pfSense, VLAN, or AD DS home lab claims unless a separate on-prem home lab evidence file supports that claim.
- SHA-256 records support integrity review for recorded files; they are not a tamper-proof guarantee beyond the captured hashes.
- Intune evidence is limited to the documented validation attempt and limitation notes. It does not support managed Intune fleet administration.
- Conditional Access wording must describe exported policy review and exported policy state. It must not imply client production enforcement or broad enterprise enforcement metrics.
- If a referenced proof file is missing during future review, keep the reference visible and mark it as missing instead of deleting it.
Supported Claims
Microsoft Graph PowerShell Evidence Capture
- Public claim: Microsoft Graph PowerShell evidence capture.
- Proof file:
m365-entra-live-proof-summary-20260605.md - Proof type: Summary with capture method.
- Supported wording: Performed read-only Microsoft Graph PowerShell evidence capture from a personal Microsoft 365 / Entra tenant.
- Page using claim:
index.html,projects.html,resume.html
Tenant Identity and Organization Inventory
- Public claim: Tenant identity and organization inventory.
- Proof file:
evidence/entra-exports-20260605-073748/tenant-organization-domains-skus.json - Proof type: JSON export.
- Supported wording: Reviewed tenant ID, tenant account, organization display name, verified domains, and subscribed SKU records.
- Page using claim:
index.html,projects.html,proof.html,resume.html
Verified Domains
- Public claim: Verified domains.
- Proof file:
evidence/entra-exports-20260605-073748/tenant-organization-domains-skus.json - Proof type: JSON export.
- Supported wording: Verified two domains including
jeremyfontenot.online. - Page using claim:
index.html,dashboard.html,projects.html
Users and Groups
- Public claim: Users and groups.
- Proof files:
evidence/entra-exports-20260605-073748/entra-users-license-state.csvevidence/entra-exports-20260605-073748/entra-groups.csv
- Proof type: Sanitized CSV exports.
- Supported wording: Reviewed seven user license-state rows and eight group rows.
- Page using claim:
projects.html,proof.html,resume.html
Directory Role Review
- Public claim: Directory role review.
- Proof files:
evidence/entra-exports-20260605-073748/entra-directory-roles.csvevidence/entra-exports-20260605-073748/entra-directory-role-assignments.csv
- Proof type: CSV exports.
- Supported wording: Reviewed directory roles and role assignment records for privileged-access awareness.
- Page using claim:
projects.html,proof.html,resume.html
Application Governance / Service Principals
- Public claim: Application governance / service principals.
- Proof files:
evidence/entra-exports-20260605-073748/entra-service-principals.csventra-application-proof-20260605-063206/enterprise-applications-summary.csv
- Proof type: CSV exports.
- Supported wording: Reviewed enterprise applications and service principals for governance awareness.
- Page using claim:
projects.html,proof.html,dashboard.html
App Registrations
- Public claim: App registrations.
- Proof files:
evidence/entra-exports-20260605-073748/entra-applications.csventra-application-proof-20260605-063206/app-registrations-summary.csv
- Proof type: CSV exports.
- Supported wording: Reviewed eight app registration records.
- Page using claim:
projects.html,dashboard.html
OAuth Grants
- Public claim: OAuth grants.
- Proof file:
entra-application-proof-20260605-063206/oauth2-permission-grants-summary.csv - Proof type: CSV export.
- Supported wording: Reviewed 16 OAuth permission grant records.
- Page using claim:
projects.html,dashboard.html
License and Service Plan Review
- Public claim: License and service plan review.
- Proof files:
evidence/entra-exports-20260605-073748/tenant-organization-domains-skus.jsonentra-license-proof-20260605-063412/subscribed-sku-service-plans.csv
- Proof type: JSON and CSV exports.
- Supported wording: Reviewed three subscribed SKUs, 68 service plans, and one licensed user record.
- Page using claim:
projects.html,dashboard.html,resume.html
Conditional Access Review
- Public claim: Conditional Access review.
- Proof files:
evidence/entra-exports-20260605-073748/entra-conditional-access-policies-summary.csvevidence/entra-exports-20260605-073748/entra-conditional-access-policies.json
- Proof type: CSV and JSON exports.
- Supported wording: Reviewed exported Conditional Access policy records, including enabled policy rows.
- Page using claim:
index.html,projects.html,proof.html,resume.html
Security Group Targeting
- Public claim: Security group targeting.
- Proof files:
evidence/entra-exports-20260605-073748/entra-sg-block-legacy-auth-group.csvevidence/entra-exports-20260605-073748/entra-sg-block-legacy-auth-members.csv
- Proof type: CSV exports.
- Supported wording: Reviewed SG-Block-Legacy-Auth group targeting and membership evidence.
- Page using claim:
index.html,projects.html,proof.html,resume.html
Authentication and Security Policy Review
- Public claim: Authentication and security policy review.
- Proof files:
evidence/entra-exports-20260605-073748/entra-authentication-methods-policy.jsonevidence/entra-exports-20260605-073748/entra-authorization-policy-security-defaults.json
- Proof type: JSON exports.
- Supported wording: Reviewed authentication-method policy and authorization/security-defaults state.
- Page using claim:
projects.html,proof.html,resume.html
Audit and Sign-In Log Review
- Public claim: Audit and sign-in log review.
- Proof files:
evidence/entra-exports-20260605-073748/entra-signins-last-30-days.csvevidence/entra-exports-20260605-073748/entra-directory-audit-last-30-days.csv
- Proof type: CSV exports.
- Supported wording: Reviewed sign-in and directory audit visibility from exported records.
- Page using claim:
projects.html,proof.html,dashboard.html,resume.html
Device Inventory Review
- Public claim: Device inventory review.
- Proof files:
evidence/entra-exports-20260605-073748/entra-devices.csventra-device-proof-20260605-043942/entra-device-proof-summary.json
- Proof type: CSV and JSON exports.
- Supported wording: Reviewed Entra device inventory.
- Page using claim:
projects.html,proof.html,resume.html
Intune Validation Limitation
- Public claim: Intune validation limitation.
- Proof files:
intune-managed-device-proof-fallback-20260605-044051/README.mdintune-managed-device-proof-fallback-20260605-044051/intune-managed-device-proof-summary.json
- Proof type: Limitation note and JSON summary.
- Supported wording: Documented Intune managed-device validation attempt with access/licensing or API-scope limitation.
- Page using claim:
proof.html,resume.html
Microsoft 365 Admin Center Evidence
- Public claim: Microsoft 365 admin center evidence.
- Proof files:
evidence/entra-exports-20260605-073748/m365-admin-center-homepage-20260605.pngevidence/entra-exports-20260605-073748/m365-admin-center-domains-jeremyfontenot-online-20260605.pngevidence/entra-exports-20260605-073748/m365-admin-center-licenses-20260605.png
- Proof type: Screenshots.
- Supported wording: Reviewed Microsoft 365 admin center access, domain visibility, license visibility, users, and groups.
- Page using claim:
index.html,proof.html,resume.html,contact.html
Exchange Admin Center Evidence
- Public claim: Exchange admin center evidence.
- Proof files:
evidence/entra-exports-20260605-073748/exchange-admin-center-microsoft-365-groups-20260605.pngevidence/entra-exports-20260605-073748/exchange-admin-center-microsoft-365-groups-export-20260605.csvevidence/entra-exports-20260605-073748/exchange-online-powershell-connection-attempt.md
- Proof type: Screenshot, CSV export, documentation note.
- Supported wording: Reviewed Exchange admin center Microsoft 365 groups evidence and connection-attempt documentation.
- Page using claim:
projects.html,proof.html,resume.html
SHA-256 Proof Integrity
- Public claim: SHA-256 proof integrity.
- Proof files:
m365-entra-proof-hashes-20260605.csvevidence/entra-exports-20260605-073748/microsoft-365-lab-evidence-manifest-20260605.csv
- Proof type: Hash CSV and manifest.
- Supported wording: Maintained SHA-256 indexed proof records for evidence integrity review.
- Page using claim:
index.html,proof.html,dashboard.html,resume.html
Proof Inventory Count
- Public claim: Proof inventory count.
- Proof files:
m365-entra-proof-inventory-20260605.csvm365-entra-proof-hashes-20260605.csv
- Proof type: Inventory and hash CSVs.
- Supported wording: Dashboard counts represent captured evidence inventory and hash records only.
- Page using claim:
dashboard.html,proof.html
Unsupported Claims
Microsoft Graph PowerShell Evidence Capture
- Unsupported wording to avoid: Production tenant administration; client tenant administration.
Tenant Identity and Organization Inventory
- Unsupported wording to avoid: Enterprise tenant ownership; paid subscription claim beyond exported SKU records.
Verified Domains
- Unsupported wording to avoid: Current SharePoint availability; production domain administration.
Users and Groups
- Unsupported wording to avoid: Managed workforce; enterprise user population.
Directory Role Review
- Unsupported wording to avoid: Production privileged-access program ownership.
Application Governance / Service Principals
- Unsupported wording to avoid: Client app governance; production app portfolio ownership.
App Registrations
- Unsupported wording to avoid: Built or operated all app registrations in production.
OAuth Grants
- Unsupported wording to avoid: Enterprise consent program ownership.
License and Service Plan Review
- Unsupported wording to avoid: Current paid subscription status beyond exported records.
Conditional Access Review
- Unsupported wording to avoid: Client production enforcement; broad enterprise enforcement metrics.
Security Group Targeting
- Unsupported wording to avoid: Organization-wide endpoint fleet management.
Authentication and Security Policy Review
- Unsupported wording to avoid: Security program ownership in production.
Audit and Sign-In Log Review
- Unsupported wording to avoid: SOC ownership; enterprise detection metrics.
Device Inventory Review
- Unsupported wording to avoid: Managed Intune fleet; full endpoint management.
Intune Validation Limitation
- Unsupported wording to avoid: Active Intune administration; managed Intune fleet.
Microsoft 365 Admin Center Evidence
- Unsupported wording to avoid: Current SharePoint hosting; production administration.
Exchange Admin Center Evidence
- Unsupported wording to avoid: Exchange production administration; mail-flow ownership metrics.
SHA-256 Proof Integrity
- Unsupported wording to avoid: Tamper-proof guarantee beyond recorded hashes.
Proof Inventory Count
- Unsupported wording to avoid: Employment metrics; client impact metrics; production uptime metrics.
Safe Portfolio Language
Use wording such as:
- Reviewed exported Microsoft 365 / Entra records.
- Documented tenant inventory, identity records, groups, roles, applications, licenses, devices, sign-ins, and audit logs.
- Captured read-only evidence from a personal Microsoft 365 / Entra lab tenant.
- Validated exported records against repository-local proof files.
- Mapped public claims to repository-local proof.
- Maintained SHA-256 indexed proof records for evidence integrity review.
- Documented Intune managed-device validation limitations.
- Reviewed exported Conditional Access policy records and related security policy state.
- Evidence-backed portfolio documentation.
Language to Avoid
Avoid wording that implies:
- Managed enterprise environment.
- Owned production tenant.
- Implemented across organization.
- Reduced risk by X%.
- Improved uptime.
- SOC monitoring or SOC ownership.
- Managed Intune fleet.
- Production deployment.
- Client environment.
- Production tenant administration.
- Enterprise tenant ownership.
- Full endpoint management.
- Current SharePoint availability.
- Tamper-proof guarantee beyond recorded hashes.
- Enterprise impact metrics.