Automate Microsoft 365 Tenant Settings with Microsoft365DSC

Automate Microsoft 365 Settings with Microsoft365DSC 

What’s the first crucial step for every admins? Of course, configuring the Microsoft 365 tenant with accurate settings without any misassignment takes the spot! 

Of course, manually configuring requires endless tab navigation, which is why we switched to PowerShell. But PowerShell didn’t leave us in peace! 😫Now, we’re struggling to install and get used to multiple modules just to fine-tune settings across different Microsoft 365 workloads. 

Imagine a single, powerhouse module that effortlessly handles config deployments across all your workloads. Wake up – it’s no longer just a dream! 🚀Microsoft365DSC is the tool you’ve been waiting for, automatically deploying configurations like Conditional Access, mailbox permission, and more, across various services. 

Now, let’s focus on the Microsoft365DSC tool and take a closer look at one of its standout features – “Automation.” 

What is the Microsoft365DSC Tool? 

Microsoft 365DSC is an open-source tool that helps you manage and configure your entire Microsoft 365 setting in a configuration as code style. It is skillfully constructed atop the PowerShell Desired State Configuration framework, which provides a structured approach for defining and enforcing desired tenant configurations. 


Why We Need Microsoft365DSC Tool? 

Here is why the Microsoft365DSC is a must-have tool for effective Microsoft 365 tenant configuration management. 

  • Automated Deployment of Microsoft 365 Tenant Settings: No more scouring through tabs! Once you create a DSC configuration, you can make changes to it whenever needed and can deploy them in your tenant automatically. 
  • Export Crucial M365 Security Settings: You can effortlessly export configurations from one tenant and sync them seamlessly into others. It helps you maintain a baseline configuration for multiple Microsoft 365 environments! 
  • Generate Handy M365 Tenant Report: Microsoft365DSC facilitates comprehensive analysis of your tenant configuration with insightful Microsft365 reports.  
  • Monitor Microsoft 365 Configuration Changes: You can maintain a watchful eye against unintended alterations in your tenant configuration. This alerts you about any accidental or suspicious drifts and ensures swift identification of changes. 
  • Assess Microsoft 365 Tenant Settings: You can easily spot Microsoft 365 tenant changes by comparing tenant’s configuration against blueprints with Microsoft365DSC. During verification, admins can generate discrepancy reports to find missed items and take steps to refine your Microsoft 365 security practices. 

Do We Manage All Microsoft365 Resources with Microsoft365DSC? 

This tool comprehensively addresses all major Microsoft 365 workloads. In clear, you can automate your Microsoft 365 configurations, settings, and policies across Exchange Online, Teams, SharePoint, OneDrive, Security and Compliance, Power Platforms, Intune, and Planner. So, all you need to do is to set it up once and that’s it!  

 You can automate, extract, configure, monitor, restore, and backup your entire tenant configuration, settings, and policies from the comfort of your seat. 

Here are some of the configurations you can set across different resources with M365DSC. 

Workloads  Tasks 
Entra ID Configure Entra ID applications’ settings 
Manage Entra ID users’ properties 
Implement named location in Conditional Access 
Set Cross-tenant access settings 
Monitor Entra ID Conditional Access 
Export Authentication Methods policy setting and more.  
Exchange Online Configure Exchange Online shared mailbox settings 
Manage Exchange Online mailbox permission 
Implement EXO Safelink Policy 
Monitor Exchange Online distribution group settings and more.   
Intune Deploy Intune role assignments 
Configure Intune account protection policy 
Manage Intune device compliance policy settings and more.   
Office 365 Export admins’ audit log configuration 
Assess Office 365 organization settings and more.  
OneDrive Configure OneDrive Settings 
Power Platform Manage Power Platform tenant settings 
Configure Power Platform tenant isolation settings and more.   
Security and Compliance Configure auto sensitivity label rule 
Manage compliance search setting 
Monitor DLP compliance policy changes and more.   
SharePoint Online Implement SPO Access Control Settings 
Deploy SharePoint Online site settings 
Audit SharePoint site settings and more.   
Microsoft Teams Monitor Teams channel policy changes 
Manage Teams user properties 
Implement Teams meeting policy and more.   

Let’s get into the steps to install and use the Microsoft365DSC tool to automate tenant configuration. But hold on! You need to refer to some prerequisites first! 

Prerequisites for Microsoft365DSC Tool 

Here are some of the prerequisites you need to know before deploying the Microsoft365DSC tool. 

  1. You should have PowerShell version 5.1 or 7.3+. To check the PowerShell version, you can use the “$PSVersionTable” cmdlet. 
  1. It would be better to use a Windows terminal to get the best experience of Microsoft365DSC cmdlets. 
  1. As the Microsoft365DSC tool supports authenticating via user credentials and service principles, you should have valid credentials like password, tenant ID, and app ID with the necessary permissions. 

How to Install Microsoft365DSC Module? 

To install the Microsoft365DSC module, run the cmdlet in PowerShell. 

Install-Module Microsoft365DSC –Force 

Note: Make sure to run the command in the PowerShell Window with administrative rights, otherwise it will not work! Also, it will take two to three minutes to get installed. So, wait until that. ⌛ 

After installing Microsoft365DSC, don’t forget a crucial step: download its missing dependencies. 💯Unlike many modules, it won’t grab them automatically. Run the below cmdlet after installation, and you’ll be good to go! 

Update-M365DSCDependencies 

That’s it, all the dependencies for the module are installed now. Now, let’s get into our main part “how to auto deploy Microsoft 365 tenant configurations with Microsoft365DSC tool”. 

 
Automate Microsoft 365 Tenant Configurations with Microsoft365DSC 

To start automating tenant configurations, it’s crucial to have a solid understanding of PowerShell Desired State Configurations (DSC). Because Microsoft365DSC operates in a configuration-as-code framework, requiring you to express your settings in PowerShell DSC syntax. This DSC code is then used by the tool to achieve effective automation of tenant configurations. 

Important: You need to execute the cmdlet “Export-M365DSCConfiguration” with any parameters of the Microsoft365DSC tool. Executing it will generate two files, one in ps1 and psd1 formats (ConfigurationData.ps1). Subsequently, you should copy and paste the “ConfigurationData.psd1” file to your preferred location where you will store your written DSC code. This step is crucial for the seamless implementation of the configurations you have written. 

Here is the overview on how to implement Automation of Microsoft 365 Settings with M365DSC 

  • Step 1: First, you need to create a code in DSC syntax in PowerShell ISE with the necessary configuration and save the file in .ps1 format. 
  • Step 2: Then, compile your PowerShell configuration to a MOF (Managed Format Object) file. 
  • Step 3: Finally, apply the MOF file to the target Microsoft 365 tenant. 

1. Create a Desired State Configuration (DSC) File 

To explain in detail, we have created a DSC configuration to update all user properties of a new employee within your tenant. Here’s the code. 

param ( 
[parameter()] 
    [System.Management.Automation.PSCredential] 
    $Credential 
) 
Configuration M365TenantConfig 
{ 
    param ( 
        [parameter()] 
        [System.Management.Automation.PSCredential] 
        $Credential 
    ) 
    if ($null -eq $Credential) 
    { 
        <# Credentials #> 
        $Credscredential = Get-Credential -Message "Credentials" 
    } 
    else 
    { 
        $CredsCredential = $Credential 
    } 
    $OrganizationName = $CredsCredential.UserName.Split('@')[1] 
    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.24.117.1' 
    Node localhost 
    { 
        AADUser "AADUser-Kristi Laar" 
        { 
            City                 = "Chennai"; 
            Country              = "INDIA"; # Specify the country as “Australia”, “Japan”  
            Office               = "24,KPY" 
            Credential           = $Credscredential; 
            UsageLocation        = "AU";#Specify the usage location of the user US (United States), AU (Australia)  
            UserPrincipalName    = "AdeleV@$OrganizationName"; 
            UserType             = "Member"; 
            DisplayName          = "Kristi Langer";#Specify the new display name of the user 
            LicenseAssignment    = @("DEVELOPERPACK_E5"); # Specify the license for the user 

        } 
    } 
} 

M365TenantConfig -ConfigurationData .\ConfigurationData.psd1 -Credential $Credential

Once done, you need to save the file as a .ps1 extension and mark down the location of the file. Now, let’s move to the next step.

Configure Bulk Microsoft 365 Users’ Properties with DSC code 

If you want to configure properties for bulk users, you need to create a CSV file with the respective properties. Let’s see that in detail. 

 To illustrate, We’ve created a sample CSV file that demonstrates how to set properties like ‘City,’ ‘Department,’ ‘Country,’ and ‘Display Name’ for specific users. You can include additional properties as well based on requirements. 

CSV file to automate Microsoft 365 settings with Microsoft365DSC
CSV File for Bulk user properties configuration

If you intend to update the same properties mentioned in the CSV, you can download the provided DSC code and store it in the respective location. 

Download Script : Microsoft365DSC-BulkUpdateUserProperties.ps1 

Automate Microsoft 365 Settings with Microsoft365DSC

Here comes the most special part! Admins won’t need to manage separate scripts for each Microsoft 365 resource. Yeah, Microsoft365DSC makes it easier for admins to unify multiple Microsoft 365 services into a single powerful DSC code! 😎 

  • For instance, if you’ve already created a shared mailbox, you may need to configure or update its properties. And a similar situation may arise for meeting policy configuration to prevent users from engaging in malicious meeting activities. And with M365DSC, you can do both at a time! 

If you’re looking to update the properties outlined below, simply download the provided DSC code and place it in the required location. 

Download Script: Microsoft365DSC – BulkUpdateM365Settings.ps1  

This code will help you update properties like, 

  • Alias name 
  • Annotations                                       
  • Allow users to join meeting        
  • Meeting Initiation permission    
  • Create breakout rooms                          
  • Enable cart captions scheduling                 
  • Set meeting schedule            
  • Cloud recording                         
  • Allow for document collaboration                 
  • Engagement report setting               
  • External participants’ request control  
  • IP audio permission                           
  • IP video permission                              
  • Meeting coach usage                           
  • Meeting reactions                       
  • Meeting registration                    
  • Start ad-hoc meetings                            

2. Compile PowerShell Configuration to a MOF file 

Now, onto the next phase: transform your .ps1 file into a MOF file.  

  • This conversion is essential as the MOF file acts as a machine-readable version, intelligible to the Local Configuration Manager (LCM). Once converted, the tool seamlessly executes it across the relevant Microsoft 365 services.  

So, to convert the .ps1 file to MOF file, run the below in PowerShell. 

.\<filename> -Credential $Global:AdminNonMFA 

When you compile your configuration using Microsoft365DSC, it validates essential parameters and checks for typos. Upon successful compilation, a reassuring message confirms the creation of the MOF file! 

Compile a PowerShell configuration to MOF File to automate Microsoft 365 configurations
Compile a PowerShell configuration to MOF File

The MOF file created during the process is stored in the same location as your configuration file. This file resides within a newly generated subfolder, and this subfolder is named after the configuration object you have specified. 

Generated MOF File
Generated MOF File

3. Automate Microsoft 365 Settings with Microsoft365DSC Cmdlet 

Once done with the above step, you are now ready to implement the configuration for your tenant. To do it, execute the below PowerShell cmdlet. 

Start-DscConfiguration –Path <MOF folder name> -Wait -Verbose –Force 
  • This cmdlet will automatically authenticate against the affected workload using the provided authentication parameters from compilation and apply the configuration settings from the file. 

If you find yourself in a situation where you’ve mistakenly configured your settings, don’t panic! Fortunately, you have the flexibility to utilize the same DSC (Desired State Configuration) code to remove or update the necessary modifications. 

 

Microsoft365DSC – One Module, Endless Automation! 

In a nutshell, no more manual configuration headaches hereafter! 😌Sit back, relax, and witness the automation. Compile a single DSC file for your settings, tweak as needed, and implement them effortlessly. Microsoft365DSC is your shortcut to streamlined and stress-free tenant configuration management. 

I hope this blog brings you more information about how to automate Microsoft 365 settings with Microsoft365DSC in detail. Furthermore, feel free to reach out to us in the comment section for any queries.   

Automate Microsoft 365 Settings with Microsoft365DSC 

time to read: 10 min
Follow us!