About Roy Klooster
I'm Roy Klooster, an M365 Solution Architect and Compliance & Automation Engineer at Inforcer, based in the Amsterdam area of the Netherlands. I've spent 8+ years designing modern workplace solutions with Microsoft 365, building security and compliance baselines, and creating automation tooling for both enterprise IT teams and managed service providers. The thread through all of it is the same: take the parts of Microsoft 365 that are genuinely powerful but fiddly to operate at scale, and make them dependable, documented, and repeatable.
My day-to-day work spans the full M365 stack: Intune endpoint management across Windows, macOS, iOS, and Android, Entra ID identity governance, Conditional Access policy design, Microsoft Defender for Endpoint, and PowerShell automation with the Microsoft Graph API. I focus on making security and compliance practical - turning complex configurations into repeatable, auditable baselines that scale across multiple tenants without drifting out of policy or quietly breaking the next time something changes upstream.
Before my current focus on compliance and automation, I spent years as a modern workplace consultant and solution architect - work that has taken me through very different environments: public sector, healthcare, education, insurance, and global enterprise. I've delivered Microsoft 365 architecture, Exchange Online migrations, zero-trust rollouts, and baseline programs for organizations ranging from Dutch municipalities and a national sports-facilities operator to healthcare and dental groups, an insurer, a higher-education institution, and an 8,000+ employee global fashion retailer. The constant across all of them is scale and repeatability: configurations that have to survive an audit and behave the same way across many tenants and thousands of endpoints.
The way I work is baseline-first and automation-driven. Instead of clicking through portals one tenant at a time, I codify the desired state - Conditional Access, compliance, Intune configuration, identity governance - into reusable baselines, then use PowerShell and the Microsoft Graph API to deploy, report on, and verify it everywhere. That approach is what most of this blog documents: not just what a feature does, but how to roll it out consistently and prove it's actually enforced - because in a multi-tenant world, an unverified control is, for all practical purposes, the same as no control at all.
Certifications
Alongside the hands-on work, I hold several Microsoft certifications, up to expert level, spanning Microsoft 365 administration and architecture, identity and access management, messaging, and security operations - formal, verifiable backing for the day-to-day.
What I Write About
This blog is where I write up the tools, techniques, and overlooked features I run into across production M365 environments - usually the things that aren't obvious from the documentation alone, and that only really show themselves once you're operating at scale. The content falls into a few categories:
- Forgotten Features - A series spotlighting underused capabilities in Entra ID, Intune, and Conditional Access that solve real problems when configured correctly.
- The MSP License Ladder - A series for managed service providers on when and why to upgrade Microsoft license tiers, with working scripts to justify each step.
- PowerShell Tools - Open-source modules and scripts for M365 reporting, compliance auditing, and multi-tenant management.
Open Source
I maintain several PowerShell modules and tools, all available on GitHub:
- RKSolutions Module - Microsoft Graph reporting for Intune, Entra ID, and M365 license management.
- InforcerCommunity - Community-built PowerShell module for the Inforcer REST API.
- ASR Rule Inspector - Audit tool for verifying Attack Surface Reduction rule enforcement across endpoints.
- MaesterDiff - Compare Maester security baseline test results across tenants or time periods.