UIAO End User Training Guide

Transition to modern authentication and cloud services

CONTROLLED | GCC-MODERATE

UIAO End User Training Guide

Your Transition to Modern Authentication and Cloud Services

What's Changing, Why It Matters, and How to Set Up Your New Experience

Classification: Controlled | Boundary: GCC-Moderate

Version: 1.0.0 | April 21, 2026

Author: Michael Stratton

Repository: https://github.com/WhalerMike/uiao

Table of Contents

1. What's Changing and Why

2. Passwordless Authentication Setup

3. Understanding Conditional Access

4. Certificate-Based Authentication (Entra CBA)

5. OneDrive Known Folder Move

6. Intune Company Portal

7. Self-Service Password Reset (SSPR)

8. Self-Service Group Management

9. Frequently Asked Questions

10. Quick Reference Card

11. Appendix A — Glossary

12. Appendix B — Cross-References

1 — What's Changing and Why

Welcome! If you're reading this guide, it means your organization is taking an exciting step forward in how you sign in and access your everyday tools. Don't worry — this is about making your work life easier and more secure, not harder.

What's Happening?

We're modernizing the way you sign in to your work applications and access your files. Until now, you've been using a traditional username and password managed by Active Directory — a system that's been around for a long time and has served us well. Going forward, your identity will be managed by Microsoft Entra ID (formerly known as Azure Active Directory), which is Microsoft's modern, cloud-based identity platform.

Think of it this way: we're upgrading from the old lock-and-key system to a modern smart lock that recognizes you automatically.

What Are the Benefits for You?

• Passwordless sign-in: No more remembering complex passwords or dealing with password resets! Sign in with your fingerprint, face, or a simple tap on your phone.

• Single sign-on (SSO): Sign in once and get access to all your work apps — Outlook, Teams, SharePoint, and more — without signing in again and again.

• Stronger security without more friction: Modern authentication is actually both easier to use and harder for attackers to compromise. You get better protection with less hassle.

• Self-service capabilities: Reset your own password, manage your security settings, and request access to resources — all without calling the help desk.

When Is This Happening?

Changes are rolling out in phases. You'll receive advance notice before anything changes for your specific team or department. There's no need to rush — you'll have plenty of time and support for each step.

What Stays the Same?

Your files, your email, your applications — everything you use today continues to work. You'll still open the same apps and find your documents in the same places. What changes is how you prove who you are when you sign in, and where your files are backed up for safety.

Key Message This is about making your work life easier and more secure, not harder. Every change in this guide is designed to save you time, protect your data, and simplify your day.

[Placeholder — Diagram USR-001: Before and After Overview — 800×400px] Side-by-side comparison showing "Before" (password sticky notes, VPN connections, mapped drives, multiple logins) vs. "After" (fingerprint/PIN sign-in, SSO, OneDrive, one sign-in for everything)

2 — Passwordless Authentication Setup

2.1 — Overview: Why Passwordless?

Passwords are the #1 target for cyber attackers. They can be guessed, stolen, phished, or leaked in data breaches. And let's be honest — remembering a unique, complex password for every app is no fun for anyone.

The good news? Passwordless authentication is actually easier AND more secure. Instead of typing a password, you prove who you are with something that's much harder to steal — your fingerprint, your face, or a tap on your phone.

Your IT team will guide you on which option to set up, but here are the three methods available:

Method	How It Works	Best For
Windows Hello for Business	Face, fingerprint, or PIN on your PC	Everyday use on your work PC
Microsoft Authenticator App	Approve sign-in from your phone	Sign-in from any device; MFA
FIDO2 Security Key	USB key — insert and tap	Shared workstations; high-security

2.2 — Setting Up Windows Hello for Business

Windows Hello lets you sign in to your PC with your face, fingerprint, or a short PIN — no password needed. Here's how to set it up:

13. Look for the enrollment prompt. After your organization enables Windows Hello, you'll see a prompt during sign-in that says "Your organization requires Windows Hello." Follow the on-screen instructions to get started.

14. Set up your PIN first. Click "Set up PIN" and create a PIN that is at least 6 digits long. This PIN only works on this specific device — it's not like a regular password.

15. Set up fingerprint recognition (if available). If your device has a fingerprint reader, go to: Settings → Accounts → Sign-in options → Fingerprint recognition → Set up. Follow the prompts to scan your fingerprint.

16. Set up facial recognition (if available). If your device has an infrared (IR) camera, go to: Settings → Accounts → Sign-in options → Facial recognition → Set up. Look at the camera when prompted to register your face.

17. Test it! Lock your PC by pressing Win + L, then sign back in using your face, fingerprint, or PIN. If it works — you're all set!

Tip — Your PIN Is NOT Like a Password Your Windows Hello PIN is tied to your specific device and protected by hardware security. Even if someone watches you type it, they can't use it on any other computer. That's what makes it more secure than a traditional password.

[Placeholder — Image USR-002: Windows Hello Setup Screen — 700×400px] Shows the Windows Hello enrollment prompt with PIN, fingerprint, and face options highlighted

2.3 — Setting Up Microsoft Authenticator

The Microsoft Authenticator app turns your phone into a powerful sign-in tool. Once set up, you can approve sign-in requests with a single tap — no password typing required.

18. Install the app. Download "Microsoft Authenticator" from the Apple App Store (iPhone) or Google Play Store (Android).

19. Add your work account. Open the app, tap the "+" button, and select "Work or school account."

20. Sign in when prompted. Enter your work email address and follow the sign-in prompts.

21. Register the app with your account. On your computer, open a browser and go to https://mysignins.microsoft.com.

22. Add the sign-in method. Click "Security info" → "Add sign-in method" → select "Authenticator app" from the dropdown.

23. Scan the QR code. Follow the on-screen wizard. When a QR code appears, open the Authenticator app on your phone and scan it.

24. Approve the test notification. A test notification will be sent to your phone. Tap "Approve" to confirm everything is connected.

25. Enable phone sign-in. In the Authenticator app, tap on your work account and select "Enable phone sign-in." This lets you sign in by matching a number on your phone instead of typing a password.

Tip — Tap Instead of Type Once phone sign-in is enabled, signing in is as easy as matching a two-digit number on your phone and tapping "Approve." It takes about three seconds — much faster (and safer) than typing a password!

[Placeholder — Image USR-003: Authenticator App QR Code Flow — 700×400px] Shows the three-step flow: (1) install app, (2) scan QR code, (3) approve notification

2.4 — Using a FIDO2 Security Key

A FIDO2 security key is a small USB device that acts as your sign-in credential. It's mainly used for shared workstations, kiosks, or environments with extra-high security requirements.

26. Get your key from IT. Your IT team will provide you with a FIDO2-compatible security key (USB-A or USB-C, depending on your device).

27. Register the key. Go to https://mysignins.microsoft.com → click "Security info" → "Add sign-in method."

28. Select "Security key." Choose "USB device" when prompted.

29. Insert and tap. Insert your security key into the USB port when prompted, then tap the button or sensor on the key.

30. Create a key PIN. You'll be asked to create a PIN for the key itself (this serves as a backup verification method).

31. You're done! To sign in going forward: insert the key → tap → done.

Note Security keys are mainly used for shared workstations, kiosks, or high-security environments. Most users will use Windows Hello or the Authenticator app for their day-to-day sign-in.

3 — Understanding Conditional Access

3.1 — What Is Conditional Access?

Think of Conditional Access as a smart security guard for your work apps and data. Every time you sign in or access a resource, it quietly checks a few things in the background:

• Who you are — Is your identity verified?

• Where you are — Are you on a trusted network (e.g., the office) or somewhere else?

• What device you're using — Is it a managed, compliant work device?

• What you're trying to access — Is it a general app or something sensitive?

Based on these factors, Conditional Access makes a decision: allow access, require extra verification (like an Authenticator prompt), or block access entirely. The great news is that you don't need to do anything — it works automatically in the background. Most of the time, you won't even notice it.

3.2 — What You Might Experience

Here are some common scenarios you might encounter, along with friendly explanations of why they happen:

What You See	Why It Happens
"I was asked to verify on my phone even though I'm at the office."	Your device might not be recognized yet, or you're accessing sensitive data that always requires extra verification.
"I can access Outlook but got blocked from SharePoint."	Different apps can have different security requirements. SharePoint may require a compliant device or specific network.
"I can't access work apps from my personal laptop."	Your organization may require managed (company-owned or enrolled) devices for certain applications.
"I was asked to update my device."	Your device needs a security update before it meets compliance requirements for accessing work resources.
"I got a 'You can't get there from here' message."	You may be on an untrusted network or an unmanaged device. Try from your work PC or connect to VPN first.

3.3 — What to Do If You're Blocked

If you're unable to access a work resource, follow these steps:

32. Check the basics. Are you on your work device? Are you connected to the office network or VPN?

33. Check for Windows Updates. Go to Settings → Update & Security → Windows Update and install any pending updates.

34. Update your Authenticator app. Open your phone's app store and make sure Microsoft Authenticator is up to date.

35. Contact IT if still blocked. Reach out to the IT Help Desk and be ready to share:

    • Your username

    • The app you were trying to access

    • The error message displayed

    • The correlation ID (shown at the bottom of the error page — see image below)

[Placeholder — Image USR-004: Conditional Access Block Screen — 700×350px] Shows a typical "You can't access this right now" error page with the correlation ID highlighted at the bottom, with an arrow and callout text: "Share this ID with IT — it helps them diagnose the issue quickly."

Tip — Screenshot the Error When you see a block or error page, take a quick screenshot (press Win + Shift + S) before closing the page. This captures the correlation ID and error details, which makes it much faster for IT to help you.

4 — Certificate-Based Authentication (Entra CBA)

4.1 — What Is Certificate-Based Authentication?

Some applications use digital certificates instead of passwords to verify your identity. Think of a certificate as a digital ID card stored securely on your device. It proves who you are without you typing anything — your device handles the entire process automatically behind the scenes.

Here's the best part: your IT team manages all the certificates for you. You don't need to install, renew, or manage them yourself. They're deployed to your device automatically through Intune.

4.2 — What You'll Notice

• For apps that use certificate-based authentication, you may see a "Select a certificate" popup the first time you access the app.

• Choose the certificate that matches your work email address. The issuer name will typically include your organization's name.

• After you select it the first time, your browser remembers your choice — you won't be asked again for that app.

• If your certificate expires, IT will push a new one automatically via Intune. You shouldn't need to do anything.

Tip — Picking the Right Certificate If you see a certificate prompt and aren't sure which one to pick, choose the one issued by your organization (the issuer name will include your company name). When in doubt, contact IT — they can confirm which certificate to select.

5 — OneDrive Known Folder Move

5.1 — What's Happening to My Files?

Your Desktop, Documents, and Pictures folders are being backed up to OneDrive — Microsoft's cloud storage service. This is called Known Folder Move, and it's one of the best things happening in this transition.

Here's what it means for you:

• Your files are automatically backed up to the cloud, so if your PC ever crashes, gets lost, or needs to be replaced, your files are safe and sound.

• You can find your files in the same places on your PC. Nothing moves on your screen — your Desktop is still your Desktop, your Documents folder is still your Documents folder.

• Access your files from any device — your phone, a loaner laptop, or a web browser at home.

5.2 — What You'll See

Here's the step-by-step experience when Known Folder Move activates:

36. A notification appears saying "Your IT administrator has enabled backup of your important folders."

37. Click "Start backup" (or it may happen automatically, depending on your organization's settings).

38. Look for the OneDrive cloud icon in your system tray (bottom-right corner of your screen, near the clock).

39. A blue sync icon will appear briefly on your files as they upload to the cloud.

40. When complete, your files show a green checkmark — they're safely backed up!

5.3 — Working with OneDrive Files

Once Known Folder Move is active, you'll notice small status icons on your files in File Explorer. Here's what they mean:

Icon	Status	What It Means
✔	Green checkmark	Saved on your PC and in the cloud — fully synced
☁	Blue cloud	Available online only — saves disk space; downloads when you open it
↻	Blue arrows (syncing)	Currently uploading or downloading — give it a moment
✘	Red X	Sync error — click the OneDrive icon in the system tray for details

Useful things you can do:

• Keep a file available offline: Right-click the file → "Always keep on this device"

• Share a file with a coworker: Right-click → "Share" → enter a name or email

• Recover an older version: Right-click → "Version history" to browse and restore previous versions

[Placeholder — Image USR-005: OneDrive Sync Status Icons — 700×250px] Shows the four OneDrive status icons (green checkmark, blue cloud, blue arrows, red X) with friendly descriptions beside each

5.4 — What About My Mapped Drives (H:, S:, etc.)?

If you currently use mapped network drives (like H: for your personal drive or S: for a shared team drive), here's what to expect:

• Personal drives (H:) are being replaced by OneDrive. Your Known Folder Move (above) handles this transition.

• Shared/team drives (S:, etc.) are moving to SharePoint team sites. Your team's files will be accessible at https://yourtenant.sharepoint.com or by syncing SharePoint libraries to File Explorer.

• During the transition, both old drives and new locations will be available side by side, so you won't lose access to anything.

• Your IT team will communicate the specific timeline for your team's migration from mapped drives to SharePoint.

Important Don't delete files from the old mapped drives yourself. IT will handle the migration and decommission of old drives on a coordinated schedule. If you delete files prematurely, they may not be recoverable.

6 — Intune Company Portal

6.1 — What Is Company Portal?

Company Portal is your one-stop shop for work applications. Think of it like an app store — but specifically for apps that have been approved and configured by your IT team. It also shows you the compliance status of your device, so you can make sure everything is up to date.

6.2 — Installing Company Portal

Platform	How to Get It
Windows	Pre-installed on managed devices, or install from the Microsoft Store
iOS (iPhone/iPad)	Download from the Apple App Store
Android	Download from the Google Play Store

Once installed, sign in with your work email address to see your available apps and device status.

6.3 — Using Company Portal

• Browse available apps: Open Company Portal → click the "Apps" tab to see all applications available to you.

• Install an app: Click the app you need → click "Install" → follow any prompts. The app installs automatically.

• Check device compliance: Click the "Devices" tab → select your device → view your compliance status.

• Fix compliance issues: If your device shows "Not compliant," click on the issue to see what needs to be fixed. It's usually a pending Windows update or a security setting that needs to be enabled.

6.4 — Enrolling a New Device

If you receive a new work PC or need to enroll your device in management, follow these steps:

41. Go to Settings → Accounts → "Access work or school" → "Connect."

42. Enter your work email address and follow the on-screen prompts.

43. Company Portal will install automatically once enrollment is complete.

44. Your device will begin receiving security policies and approved apps from your IT team.

[Placeholder — Image USR-006: Company Portal Main Screen — 700×400px] Shows the Company Portal app with the Apps tab active, displaying tiles of available applications, with the Devices tab and compliance status visible in the sidebar

Tip — Bookmark Company Portal Pin Company Portal to your taskbar for quick access. Right-click the Company Portal icon → "Pin to taskbar." This way, installing new apps or checking compliance is always one click away.

7 — Self-Service Password Reset (SSPR)

7.1 — Setting Up SSPR

Before you ever need to reset your password, take five minutes to set up your recovery methods. This way, if you're ever locked out, you can get back in on your own — no help desk call needed.

45. Open your browser and go to https://mysignins.microsoft.com.

46. Click "Security info."

47. Make sure you have at least TWO methods registered from the following:

    • Microsoft Authenticator app (recommended — you may have already set this up in Section 2)

    • Phone number (for SMS text codes or phone calls)

    • Alternate email (a personal email address for recovery)

Important — Do This Now Don't wait until you're locked out to set up SSPR. Take a moment right now to go to https://mysignins.microsoft.com and register your recovery methods. Future-you will thank present-you!

7.2 — Resetting Your Password

If you forget your password or it expires, you have two ways to reset it:

Option A — From the Windows Sign-In Screen

48. On the Windows sign-in screen, click "I forgot my password" (or "Reset password").

49. Enter your work email address.

50. Complete verification: Approve the notification on your Authenticator app, or enter the SMS code sent to your phone.

51. Create a new password. Your new password must meet complexity requirements: 14+ characters, with a mix of uppercase letters, lowercase letters, numbers, and special characters.

52. Sign in with your new password.

Option B — From Any Web Browser

53. Go to https://passwordreset.microsoftonline.com.

54. Follow the same verification and password creation steps as above.

Tip — Passwordless Means Fewer Resets Once you've set up passwordless sign-in (Windows Hello or Authenticator), you'll rarely need to reset your password. But it's always a good idea to have SSPR configured as a safety net — just in case!

7.3 — Unlocking Your Account

If your account gets locked (usually because of too many incorrect sign-in attempts), here's what to do:

55. Wait 30 minutes. Accounts automatically unlock after the lockout period expires.

56. Or use SSPR to reset your password, which also unlocks your account immediately.

57. If neither works, contact the IT Help Desk for assistance.

Note If your account is getting locked frequently and you're not entering the wrong password, this could indicate that someone else is trying to sign in as you. Contact IT immediately so they can investigate and secure your account.

8 — Self-Service Group Management

8.1 — Managing Your Groups

Groups control access to shared resources like SharePoint sites, Teams channels, shared mailboxes, and applications. You can view and manage your group memberships through a self-service portal.

58. Go to https://myaccount.microsoft.com.

59. Click "Groups" in the left navigation.

60. You'll see all groups you currently belong to.

For groups that have self-service enabled, you can:

• Join a group — some require owner approval, others are open

• Leave a group you no longer need

• View group members to see who else is in the group

8.2 — Requesting Access to Resources

Need access to a SharePoint site, Teams channel, or application? Here's how:

• Click "Request access" on the resource if the option is available, or ask the group owner directly.

• Approvals are handled automatically — you'll receive an email notification when your request is approved or denied.

• If you need access urgently, contact the group owner directly or reach out to the IT Help Desk.

Tip — Finding the Group Owner Not sure who owns a group? Go to myaccount.microsoft.com → Groups, search for the group, and the owner's name will be listed. You can click their name to send them an email.

9 — Frequently Asked Questions

Below are answers to the most common questions about the transition. If your question isn't here, don't hesitate to reach out to the IT Help Desk.

Sign-In & Authentication

Q: "Why do I have to set up a PIN? Isn't that less secure than a password?"

A: Great question — and it's actually the opposite! Your Windows Hello PIN is more secure than a password because it only works on your specific device and is backed by hardware security (a special chip called a TPM). Even if someone watches you type your PIN, they can't use it on any other computer. A password, by contrast, works from anywhere in the world.

Q: "I set up Windows Hello but I'm still being asked for a password sometimes. Why?"

A: Some older applications haven't been updated to support modern authentication yet. As we continue modernizing, these password prompts will gradually disappear. In the meantime, your password still works for those apps — and you can use SSPR (Section 7) if you ever forget it.

Q: "What if I lose my phone with the Authenticator app?"

A: Contact the IT Help Desk immediately. They can revoke access from your old phone and help you set up the Authenticator on a new device. Your account remains secure because the Authenticator requires your phone's biometrics (fingerprint or face) or lock screen PIN to approve any sign-in.

Q: "Can I use my personal phone for the Authenticator app?"

A: Yes! The Microsoft Authenticator app does not give your organization access to your personal phone, photos, messages, or browsing. It only handles sign-in approvals and nothing else. Your personal data stays completely private.

Q: "I'm getting too many MFA prompts. Is something wrong?"

A: If you're on a managed work device connected to the office network, you shouldn't be prompted frequently. If you are, contact IT — it could indicate a configuration issue, or in rare cases, it might mean someone else is trying to sign in to your account. Better safe than sorry!

Files & OneDrive

Q: "What happens if I accidentally delete a file from OneDrive?"

A: Don't panic! OneDrive has a Recycle Bin. Go to https://onedrive.com → click "Recycle bin" in the left panel → find your file → click "Restore." Files stay in the Recycle Bin for up to 93 days, so you have plenty of time to recover them.

Q: "My OneDrive is full. What do I do?"

A: Check your storage at https://onedrive.com → Settings → Storage. Consider moving large files you don't access regularly to a SharePoint site (which has separate, larger storage). If you still need more space, contact IT to discuss your options.

Q: "Can I access my files from my phone?"

A: Absolutely! Install the OneDrive app on your phone (available on both iPhone and Android) and sign in with your work account. You can view, edit, and share files from anywhere with an internet connection.

Device & Compliance

Q: "Company Portal says my device isn't compliant. Will I lose access?"

A: You'll typically have a grace period (usually 24–72 hours) to fix the issue before access is restricted. Open Company Portal, click on the compliance issue, and it will tell you exactly what needs to be fixed — it's usually a pending Windows update. Install the update, restart your PC, and you should be back to compliant.

Q: "I got a new computer. How do I get my work apps back?"

A: Sign in with your work account during Windows setup. Your files will sync automatically from OneDrive. Open Company Portal to reinstall your work applications. Most of your settings will transfer automatically through your Microsoft account and Intune policies.

General

Q: "Who do I contact if something isn't working?"

A: Contact the IT Help Desk at [your help desk contact info]. When you call or email, please have the following ready: your username, your device name (find it at Settings → System → About → "Device name"), and any error messages or screenshots you captured.

Q: "Will these changes affect my personal Microsoft account?"

A: No. Your personal Microsoft account (used for Outlook.com, Xbox, personal OneDrive, etc.) is completely separate from your work account. Changes to your work identity have zero impact on your personal accounts.

Q: "Can my organization see my personal files or browsing history?"

A: No. Intune and Company Portal only manage work-related settings, security policies, and approved work apps. Your personal files, photos, browsing history, text messages, and personal apps are private and remain private. Your organization cannot access them.

Q: "What if I'm traveling and don't have internet?"

A: Files you've marked "Always keep on this device" in OneDrive work fully offline. Any changes you make will sync automatically the next time you connect to the internet. For sign-in, Windows Hello (face, fingerprint, or PIN) works offline — you don't need internet to unlock your PC.

Q: "These changes seem overwhelming. Do I have to do everything at once?"

A: Not at all! Changes are rolling out in phases, and you'll be supported every step of the way. If you want to get ahead, start with the Authenticator app setup (Section 2.3) — it takes about 5 minutes and is the single most impactful thing you can do. Everything else follows naturally from there.

10 — Quick Reference Card

Print this page and keep it at your desk for quick access to the most common tasks and links.

Task	Where to Go
Sign-in settings & security info	https://mysignins.microsoft.com
Reset your password	https://passwordreset.microsoftonline.com
My account info & groups	https://myaccount.microsoft.com
OneDrive files (web)	https://onedrive.com
SharePoint team sites	https://yourtenant.sharepoint.com
Company Portal (apps & compliance)	Pre-installed on managed devices, or install from the Microsoft Store
Group management	https://myaccount.microsoft.com → Groups
IT Help Desk	[Contact info — phone, email, support portal]

Tip — Your Top 3 Actions If you do nothing else today, do these three things: (1) Set up the Microsoft Authenticator app (Section 2.3). (2) Register your SSPR recovery methods (Section 7.1). (3) Confirm your OneDrive is syncing (look for the green checkmarks in File Explorer). These three steps cover 90% of what you need for a smooth transition.

Appendix A — Glossary

Here are the key terms used in this guide, explained in plain language:

Term	What It Means
Microsoft Entra ID	Formerly known as Azure Active Directory (Azure AD). This is Microsoft's cloud-based identity service that manages who you are and what you're allowed to access. Think of it as the modern replacement for the traditional Active Directory your organization has used.
Conditional Access	Smart security rules that automatically check your identity, device, and location before granting access to work resources. It's like a security guard that makes decisions based on context — no action needed from you.
FIDO2	An industry standard for passwordless security keys. FIDO2 keys are small USB devices that let you sign in by inserting the key and tapping a button — no password needed.
Intune	Microsoft's device management service. It keeps your work device secure and up to date by pushing security policies, updates, and approved apps. It's what powers the Company Portal app.
Multi-Factor Authentication (MFA)	Verifying your identity using two or more methods — typically something you know (password or PIN) plus something you have (your phone or security key). MFA makes it much harder for attackers to access your account.
OneDrive	Your personal cloud storage for work files. It automatically backs up your Desktop, Documents, and Pictures folders so your files are safe and accessible from any device.
SharePoint	Your team's cloud storage and collaboration platform. SharePoint sites replace traditional shared network drives (like S: drives) and allow real-time collaboration, version history, and secure sharing.
Single Sign-On (SSO)	Sign in once and get access to all your work apps — Outlook, Teams, SharePoint, and more — without being asked to sign in again for each one.
Windows Hello	A Windows feature that lets you sign in using your face, fingerprint, or a device-specific PIN instead of a password. It's fast, convenient, and more secure than traditional passwords.
Certificate-Based Authentication (CBA)	A method of proving your identity using a digital certificate stored on your device. Your device handles the authentication automatically — you don't need to type anything. IT manages the certificates for you.

Appendix B — Cross-References

The following companion documents are available in the UIAO repository for IT administrators and technical staff. These provide deeper technical detail behind the user-facing changes described in this guide.

Document	Description	Audience
UIAO Identity Modernization Guide	Comprehensive guide for IT administrators managing the identity transition from Active Directory to Entra ID	IT Administrators
UIAO Conditional Access Policy Library	Reference library for IT administrators configuring and managing Conditional Access policies	IT Administrators
UIAO Intune Policy Templates	Templates and configuration guides for IT administrators managing device compliance through Intune	IT Administrators
UIAO Operations Runbook	Day-to-day operational procedures for IT administrators handling identity, device, and access management	IT Administrators

All documents are maintained in the UIAO repository: https://github.com/WhalerMike/uiao

UIAO End User Training Guide — Version 1.0.0 — April 21, 2026

Author: Michael Stratton

Classification: Controlled | Boundary: GCC-Moderate

Repository: https://github.com/WhalerMike/uiao

CONTROLLED | GCC-MODERATE