Overhaul Docs Structure

.vscode/tasks.json

@@ -33,4 +33,4 @@
             "problemMatcher": []
         }
     ]
-}
+}

docs/Data-Gateway/index.md

@@ -0,0 +1,5 @@
+# Data Gateway
+
+🚧 **This page is still under development.**
+
+

docs/SHIELD/Defend/Deployment.md

@@ -0,0 +1,59 @@
+# Deployment
+
+The Defend module is deployed automatically as part of the SHIELD platform’s **Core Infrastructure deployment** process. It does not require any separate deployment scripts or packages.
+
+This page clarifies when and how Defend becomes active, and what its dependencies are.
+
+---
+
+## When Is Defend Activated?
+
+Defend becomes available immediately after the **Deploy Core Infrastructure** action is completed in the SHIELD UI.
+
+This process provisions all objects that Defend needs in order to operate:
+
+- Security groups by security class (Enterprise, Specialized, Privileged)
+- Entra ID Administrative Units for lifecycle scope isolation
+- Intune Scope Tags and associated device policies
+- Lifecycle engine triggers and UI cards
+
+Once this is complete, the **Lifecycle Device Management** and **Lifecycle User Management** cards appear in the SHIELD UI.
+
+---
+
+## No Separate Installer Required
+
+There is no separate installer, script, or action to "deploy Defend."
+
+Instead, this module is:
+
+- **Provisioned as part of the Deploy module's infrastructure**
+- **Enabled via the SHIELD web app** once infrastructure provisioning is complete
+
+You can verify readiness by visiting `{your-subdomain}.azurewebsites.net` and checking that:
+
+- The home screen includes Lifecycle action cards
+- Clicking them loads the correct views with no warnings
+
+---
+
+## Prerequisites
+
+To use Defend, the following must already be deployed:
+
+- Core infrastructure via Deploy
+- Required Entra ID roles (Global Reader, Security Admin)
+- Devices or users exist in Entra ID and are synced with Intune (where applicable)
+- Defender for Endpoint workspace is initialized (for device enforcement)
+
+📖 [View Full Prerequisites](Prerequisites.md)
+
+---
+
+## Related Pages
+
+- [Defend Overview](index.md)
+- [Defend Usage Guide](Usage-Guide/index.md)
+- [Defend Reference](Reference/index.md)
+- [Troubleshooting](Troubleshooting.md)
+- [SHIELD Platform Deployment](../Getting-Started.md)

docs/SHIELD/Defend/Prerequisites.md

@@ -0,0 +1,66 @@
+# Prerequisites
+
+The Defend module manages user and device lifecycle operations. Before using this module, the following prerequisites must be in place within your Microsoft 365 environment.
+
+These requirements ensure that SHIELD can enforce security controls, commission resources, and assign users or devices to their correct roles.
+
+---
+
+## Infrastructure Requirements
+
+The Defend module relies on infrastructure that must be deployed via the Deploy module. Specifically, the following must already exist:
+
+- Core infrastructure has been deployed via the **Deploy Core Infrastructure** action
+- Conditional Access policies are applied based on security class
+- Entra ID Administrative Units and security groups are provisioned
+- Intune is configured with scope tags
+
+📖 See [SHIELD Platform Prerequisites](../Prerequisites/index.md)
+
+---
+
+## Role-Based Permissions
+
+To use Defend’s lifecycle functionality, the signed-in admin must have the following roles in Entra ID:
+
+| Role | Reason |
+|------|--------|
+| Global Reader | Required to enumerate users and devices |
+| Security Administrator | Required for actions that interact with Defender and Intune APIs |
+| User Administrator | Required for privileged user provisioning and removal |
+
+---
+
+## Device and User Sync
+
+For SHIELD to manage identities and endpoints, the following must be true:
+
+- Users are present in Entra ID
+- Devices are registered or hybrid-joined with Entra ID
+- Devices must be visible in Intune (for privileged device management)
+- Users and devices must be assigned to the correct security class
+
+---
+
+## Defender for Endpoint Readiness
+
+SHIELD uses Microsoft Defender for Endpoint to enforce privileged device controls. The Defender portal must have a provisioned workspace before certain lifecycle actions can succeed.
+
+To verify:
+
+1. Go to [Microsoft 365 Defender](https://security.microsoft.com){:target="_blank"}
+2. Click on **Devices**
+3. If a table of devices appears, your workspace is ready
+4. If prompted to initialize setup, follow instructions and wait until the UI is fully active
+
+📖 For more detail, see the [Defend Usage Guide](Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation**
+
+---
+
+## Related Pages
+
+- [Defend Deployment](Deployment.md)
+- [Defend Usage Guide](Usage-Guide/index.md)
+- [Hardware Requirements](Reference/index.md)
+- [SHIELD Prerequisites](../Prerequisites/index.md)
+

docs/SHIELD/Reference/Architecture/Diagrams/Device-Assign.md → docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md

@@ -4,7 +4,7 @@ hide:
 ---
 # Device - Assign
 
-The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [assigned one or more users](../../../Getting-Started/Usage-Guide/Lifecycle-Management/Device/2-Assign.md).
+The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [assigned one or more users](../../Usage-Guide/Device/2-Assign.md).
 
 ---