Manage Microsoft 365 tenant’s configuration with Microsoft365DSC: Part one
Getting started with Microsoft365DSC
The burden of PowerShell modules installation & version updates for different Microsoft365 workloads such as Exchange online, SharePoint, Teams, Azure AD etcetera; connecting to and signing out of PowerShell sessions to modify tenant level settings for various workloads has been abstracted and layered on top of these several supported underlying modules/dependencies with Microsoft365DSC module — a one click install.
The module allows you to extract Microsoft 365 tenant(s) desired configuration and manage the workloads throughout their lifecycle as code. Think of it as one-configuration-to-rule-them-all. To note, Microsoft365DSC can be extended to modify and manage specific workload’s data as well.
Launch PowerShell window with elevated permissions. PowerShell 5.1 recommended
· Installing Windows PowerShell — PowerShell | Microsoft Docs
Install-Module -Name Microsoft365DSC -RequiredVersion 1.20.716.1The Microsoft365DSC modules downloads all required dependencies such as AAD — Azure Active Directory, EXO — Exchange Online, O365 — Office 365 administration, Intune — Intune, OD — OneDrive, Planner — Planner, PP — Power Platform, SC — Security and Compliance, SPO — SharePoint Online and Teams — Microsoft Teams. Afterwards, accessibility into the tenant’s infrastructure and configuration becomes seamless.
The free open-source tool — Microsoft365DSC builds around 6 main pillars that is in line with modern day DevOps best practices
Automate
Automate the deployment of your Microsoft 365 Tenant’s configuration for all major workload Change Management processes with Azure DevOps. Bring your environment(s) to a “desired state” with DSC, store the DSC code in a source control — Azure DevOps/Github and track configuration changes across Microsoft 365 workloads with Microsoft365DSC. The source control system easily manages and tracks tenant configuration changes over its lifecycle.
Export
Export Full fidelity configurations from existing Microsoft 365 tenants. The Export-M365DSCConfiguration cmdlet is exposed after Microsoft365DSC module installation. On running the cmdlet, a Graphical User interface is prompted where you can select component(s) to extract. Appropriate admin login credentials are required to access the selected workloads or components. The Desired State configuration will be exported and saved as .ps1 (PowerShell file) configuration file. However, you can convert and generate HTML or .CSV file format from this .ps1 file.
Synchronize
Extract and replicate Desired state configuration across multiple Microsoft 365 tenants in one or several organizations. The configuration file will handle all the workloads and enforce synchronization thereby eliminating errors in manual modification and ensuring all the tenants & various workloads are configured in a precise and consistent manner.
Assess
Create an ‘Approved’ Configuration definition for Microsoft 365 tenants in your organization. Assess the tenant’s configurations against the ‘Approved’ configuration serving as a Blueprint. This approach helps to stay compliant with best practices and most importantly, regional rules and regulations. The current tenant’s configuration can be generated to compare against Desired State Configuration, or to compare between two tenants and to further generate a rich and detailed discrepancy report.
Monitor
Continuously monitor your Microsoft365 tenant for discrepancies, also known as configuration drifts. Under the hood, a job automatically runs every fifteen (15) minutes by default although this could be changed to daily or weekly, but maximum is thirty (30) days. The job performs a consistency check to ensure current Microsoft 365 workload’s configuration is continually in a desired state.
Also, consistency check can be manually initiated via PowerShell cmdlet to bypass the automatic run.
With Azure DevOps pipelines, there are up to three (3) actions to fix drifts if any is detected during the consistency checks. In ApplyOnly mode, DSC will apply the configuration changes and mark as done. The default DSC agent mode, ApplyAndMonitor, will configure changes and continuously monitor the current for configuration drifts which are logged to the DSC agent. The ApplyAndAutoCorrect mode will apply configuration, continuously monitor for drifts and log if detected, this point, the configuration will be reapplied to ensure compliance.
Report
New-M365DSCReportFromConfiguration cmdlet leverages the Microsoft365 dependency — DSC parser to convert configuration into objects from which is a full and detailed report is generated. With the source configuration file, a delta report can be generated, and compared against a target or point-in-time configuration to produce a discrepancy report.
New-M365DSCDeltaReport -Source C:\dsc\source.ps1 -Destination C:\dsc\target.ps1 -OutputPath c:\dsc\delta.html**the above compares a source config to target config (could be another tenant’s or point-in-time config) and generates a delta report in .html file (change to .xlsx for excel format)
The report is in .ps1 format but can be converted to a more reader-friendly file formats such as .html or .xlsx.
New-M365DSCReportFromConfiguration -Type Excel -Configuration C:\dsc\source.ps1 -OutputPath C:\dsc\report.xlsxNew-M365DSCReportFromConfiguration -Type HTML -Configuration C:\dsc\source.ps1 -OutputPath C:\dsc\report.html
- *above converts from .ps1 to .html/.xlsx
Use Cases
Create a development Microsoft365 tenant with same configuration as the production tenant for testing and troubleshooting purposes.
Merger & Acquisition. Assess both the source and target tenant’s configuration, determine discrepancies and what configuration should supersede especially in situations where organizations are bound by legal, regulatory, or organizational compliance requirements.
Back-Up. Take a snapshot of the Desired Configuration of existing Microsoft 365 tenant(s) workloads with Microsoft365DSC and restore or push same configuration to another tenant.
References
https://microsoft365dsc.com/user-guide/get-started/complete-story/
https://github.com/microsoft/Microsoft365DSC/wiki/Getting-Started
