Implementation Guides
Curated, step-by-step rollouts for common security initiatives. Each guide includes prerequisites, ordered steps with verification criteria, rollback notes, and links to the controls and frameworks the initiative advances. Progress is tracked per organization so you can pick up where you left off.
When to use Implementation Guides
Implementation Guides are paired with the rest of the platform but solve a different problem from each:
| Surface | Use it for |
|---|---|
| Implementation Guides | Project-style rollouts. "We are going to implement X this quarter — what are the steps, what could go wrong, and how do we know it worked?" Curated, versioned, periodically reviewed. |
| Playbooks | Incident response. "An alert just fired — what do I do right now?" Action-driven, time-sensitive, run repeatedly. |
| TATERpedia | Reference knowledge. "What do I know about X?" Wiki-style, shared across orgs, free-form, contributable. |
| Network Documentation | This org's configuration. "What is OUR current state?" Org-specific, lives in a single tenant. |
What's bundled
TATER ships a curated library of guides covering high-leverage security initiatives. The starter set includes:
- Require Compliant Devices via Conditional Access
- Block Legacy Authentication Org-Wide
- Move Admin Roles to Privileged Identity Management (PIM)
- Require MFA for All Users via Conditional Access
- Roll Out DMARC to p=reject
- Enforce BitLocker on All Windows Endpoints
- Enable Unified Audit Log + 365-Day Retention
- Tighten SharePoint / OneDrive External Sharing
Additional guides are added each quarter. Your organization can also publish private guides — visible only to your org — for custom rollouts (e.g., M&A integration runbooks, regulatory transition plans).
Anatomy of a guide
Every guide has the same structure so they're predictable to consume:
- Header — title, summary, difficulty (Beginner / Intermediate / Advanced), category, time estimate, last review date.
- Prerequisites — what must be true before you start (licenses, pilot groups, communications plan, etc.).
- Ordered steps — numbered, each with description, optional verification ("how you confirm this step worked") and optional rollback ("what to do if it goes wrong").
- Linked controls / frameworks — every control this guide helps remediate, every framework it advances. One click jumps to the control detail.
- Tags — for search and cross-reference.
Per-org progress tracking
Each step has a status drop-down: To do / In progress / Done / N/A. The progress bar at the top of the guide tracks completion per organization. When all steps are Done or N/A, the guide is marked complete with a timestamp.
Switching between organizations preserves each org's progress — the guide library is shared but state is private to your tenant.
Staleness checks
Each guide carries a last reviewed date and a review cadence (default 180 days, configurable). When a guide is older than its review interval, it gets a "Review due" badge in the list view and the detail header. SuperAdmins can update the content (or confirm "still accurate"), which resets the timestamp. This way, guides for Microsoft features that change frequently (Conditional Access, Defender) stay current, while less-volatile guides (BitLocker) get reviewed yearly.
Adding a custom guide for your org
OrgAdmin or SuperAdmin can publish org-private guides:
- Implementation Guides → + New Guide.
- Set difficulty + category, then write prerequisites in Markdown.
- Add steps. For each step, fill description (Markdown), optional verification, optional rollback, and an optional link (to a control, an in-app page, an external URL, or a TATERpedia article).
- Tag it. Link the controls it advances. Set a review interval.
- Save. The guide is visible only to your org alongside the curated library.
Best practices
- Always run a pilot. Most guides have an explicit pilot step. Skipping it is the #1 cause of broken rollouts.
- Set a calendar reminder for the next review. When you complete a guide, also create a calendar entry to revisit in 6 months.
- Document exceptions in TATERpedia. When a step doesn't apply to your environment, capture why so the next reviewer doesn't have to re-derive the reasoning.
- Cross-reference your roadmap. If a guide covers controls in an active Compliance Roadmap phase, link them — completing the guide should mark those controls as advanced.
Programmatic access
Implementation guides are exposed via the API for integration with external project management tools:
- GET /api/implementation-guides — list with per-org progress
- GET /api/implementation-guides/{id} — full guide + this org's progress
- POST /api/implementation-guides — create / update (Admin or SuperAdmin)
- PUT /api/implementation-guides/{id}/progress — update step statuses (Auditor+)