C Claude Configuration Menu

Configuration board for IT, MSP, security, legal, compliance, and business owners

Configure Claude like an ordering line.

This is an IT design menu. It does not define the firm's policy. It shows the concrete Claude and Microsoft 365 configuration choices, what each setting changes, and which internal owner should weigh in before rollout.

IT Lens

The firm brings the regulatory judgment. This board brings the control map: where Claude has an admin setting, where Microsoft 365 is the real enforcement point, and where policy or process has to fill the gap.

Separate product retention from firm records

Claude retention is a product setting. Whether a prompt, output, file, or draft belongs in the firm's records process is an internal decision. The menu helps them choose the export or archive path before changing retention.

Use Entra as the front door

Most durable controls are Microsoft-side: SSO, SCIM groups, app assignment, Conditional Access, managed devices, Purview labels, DLP, and audit. Claude then inherits a cleaner boundary.

Give builders lanes, not blank checks

Builder flexibility is possible, but it should be a role group with workspaces, spend limits, approved connectors, source-control rules, and a path to promote useful work into governed production use.

Suggested Combos

These are starting points for the meeting, not final policy positions.

Balanced enterprise rollout

Enterprise plan, Entra SSO/SCIM, role groups, export-first records path, files-only M365 pilot, needs-approval tool policy, central skills, controlled builders, Compliance API, and wave rollout.

Minimum surface

Enterprise plan, strict Entra groups, no M365 connector at launch, chat-only capabilities, central skills only, manual exports during pilot, managed-device access, and small invite wave.

Builder enablement

Enterprise plan with controlled builder roles, reviewed custom skills, dev/test API workspaces, approved connector catalog, higher spend caps, monitoring, and promotion gates for repeatable workflows.

Implementation Runbook

The MSP can run this once the firm's internal owners select the menu posture.

Step What gets configured Owner to involve
1. Confirm data and use-case boundaries Collect the firm's allowed/prohibited data categories, client-output rules, and builder boundaries. Translate those into Claude roles, skills, and connector settings. Business sponsor, legal, compliance
2. Build identity and role groups Verify domains, require SSO, configure SCIM, map Entra groups to Claude roles, and define admin/MSP access. IT, MSP, security
3. Decide retention and export path Choose native retention settings and whether Claude data is exported to archive, SIEM, eDiscovery, or manual review during pilot. Records, compliance, IT
4. Pilot M365 connector scope Review Graph consent, set app assignment, apply Conditional Access, confirm Purview labels/DLP posture, and start with a scoped pilot group. IT, security, compliance
5. Publish enablement pack Set organization instructions, provision central skills, publish user guidance, and open a request path for new skills/connectors/builders. Business owner, compliance, IT
6. Expand by evidence Review usage, incidents, support tickets, exports, spend, and connector activity before adding more groups or capabilities. Steering group

Product Sources

Source links are limited to technical product controls. The firm's legal and compliance team should map these settings to their own policies and obligations.