How to Clone Microsoft 365 Service Settings Using Microsoft365DSC 

Are you the one who is planning to migrate to a new Microsoft 365 tenant? If so, this question is for you! During Microsoft 365 tenant-to-tenant migration, how will you replicate the same Microsoft 365 settings into the new one? Well, you might initially think of manually configuring them or utilizing third-party migration tools.   

But, at times, you might second-guess whether the decision you’ve made is the right one. Because both have drawbacks such as,  

• Missing out on crucial Microsoft 365 settings 
• Requiring different migration tools for different Microsoft 365 services and more. 

Now, you might be thinking of an alternate way, right? No worries! Microsoft has got a built-in free sync companion tool – Microsoft365DSC! 😎It’s your trusty assistant that effortlessly copies all your existing Microsoft 365 settings from one tenant and pastes it in another tenant. Let’s get into the blog to know more and how to do it! 

What is Microsoft365DSC? 

Microsoft365DSC is an open-source tool built to manage and configure your Microsoft 365 tenant using PowerShell Desired State Configuration (DSC). With its configure-as-code approach, you can design how your tenant should be set up! 

Efficient Microsoft 365 Management with Microsoft365DSC 

👉Automate: No more to the days of mind-numbing manual setups! Automatically deploy your crucial tenant settings and policies with M365DSC and enjoy stress-free Entra ID, EXO, and SPO configuration management.   

👉Compare: Ever played spot-the-difference to catch up with Teams settings changes? Compare your tenants’ security configurations with Microsoft365DSC and spot any missed or wrong configurations between tenants.  

👉Export: Want to back up Microsoft 365 users and groups easily? Microsoft365DSC lets you export your organization settings into CSV and JSON, making it a breeze to apply them during cross tenant migration. 

👉Monitor: Audit Entra ID settings using Microsoft365DSC to spot any sneaky changes in M365 configurations. So that, you can disable Microsoft 365 users from making changes to crucial CA policies, SPO external sharing settings, and a lot more! 

👉Sync: Easily clone your critical Microsoft 365 settings and policies across multiple tenants by using the export and deploy capability of Microsoft365DSC. 

Let’s delve deeper into our main topic of how M365DSC makes tenant settings synchronization a breeze. 

Synchronize Microsoft 365 Tenant Settings Using Microsoft365DSC 

The cloning capability of Microsoft365DSC isn’t just a standalone feature; it’s a dynamic duo formed by its “Export” and “Automate” capabilities. By utilizing the export and automate cmdlets, you can seamlessly sync the Microsoft 365 tenant related settings from one to another.

Sync = Export + Automate 

1. First, you’ll need to take a snapshot of a Microsoft 365 tenant. When you export Microsoft 365 settings of an existing tenant, the exported DSC file will be in. ps1 format and doesn’t contain any tenant-specific information. Instead, it abstracts everything into variables, making the configuration generic and not tied to any tenant. 

2. Next, you need to convert the exported DSC file into a MOF (Managed Object Format file), specifying the credentials for the target tenant. 

3. Finally, you need to run the deploy cmdlet, which will configure the new tenant with the exported settings. 

Let’s see clearly with an example of the two cases below. Before that, make sure you install the Microsoft365DSC module. 

• Sync Microsoft 365 settings from one tenant to another using Microsoft365DSC 
• Clone Microsoft 365 settings across multiple tenants 

1. How to Clone Tenant Settings in Microsoft 365 Tenant-to-Tenant Migration  

Imagine you have two tenants, Tenant A and Tenant B (newly created one). Your goal is to export the Conditional Access policies of Tenant A and import them into Tenant B. Here’s how you can do it: 

1. Firstly, run the below cmdlet to export the Conditional Access policies using Microsoft365DSC. This will ask you for global admin credentials. Here, you need to give the credentials of the source tenant (Tenant A). 

Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") -Credential (Get-credential) 

2. Next, convert the exported file to MOF format using the following command. This time, you’ll need to provide the credentials for Tenant B, where we need to import the Conditional Access policies (As this is the step where we prepare the configuration file to be deployed in the target tenant, we need to provide the target tenant’s credentials). 

.\<Exported_File_Path> -Credential (Get-credential) 

Example: 

.\M365TenantConfig.ps1 -Credential (Get-Credential) 

3. Once the conversion is complete, you can auto-deploy the settings to Tenant B using the following command: 

Start-DSCConfiguration –Path <MOF_Folder_Name> -Wait -Verbose –Force

Clone Microsoft 365 Service Settings Using Microsoft365DSC 

By utilizing the two essential cmdlets “Export-M365DSCConfiguration” and “Start-DscConfiguration” for your tenant-to-tenant migration, you can effortlessly achieve the following tasks. 

• Cross-tenant synchronization of Microsoft 365 users and group settings 
• Migrate OneDrive settings from one tenant to another 
• Sync M365 contacts and guest users in another tenant 
• Export and import Intune settings catalog policies 
• Sync OneDrive group policy settings 
• Migrate Exchange Online mailbox permissions 
• Migrate mailboxes and service settings from one tenant to another tenant 
• Copy SharePoint Online site to another tenant 
• Backup and import Intune device configuration profiles 
• Migrate existing Teams and channels from one tenant to another 
• Cross-tenant SharePoint site migration 
• Copy user access settings in M365 and deploy in another tenant 
• Copy the entire SharePoint Online site settings to another Office 365 tenant 
• Export and import Azure configuration in a new tenant

2. How to Clone Microsoft 365 Settings Across Multiple Tenants with Microsoft365DSC? 

As mentioned earlier, Microsoft365DSC proves invaluable not only for tenant-to-tenant migrations but also for managing multiple M365 tenants efficiently!  

With it, you can seamlessly synchronize critical security settings & policies such as Conditional Access and group naming policies across multiple tenants. 

To begin, create a CSV file containing the credentials of the respective (target) tenants. In this example, let’s clone Conditional Access policies from Tenant A to three other M365 tenants: B, C, and D. 

Once you’ve prepared the CSV file, continue to save the file. Here, we saved the file as “TenantCredentials.csv”. Once done, you can proceed with the Conditional Access policies deployment. 

Code: 

You can utilize the following code to export the Conditional Access policies from Tenant A and then import them into Tenants B, C, and D. This approach ensures consistent security measures are maintained across all your tenants. 

Update-M365DSCAllowedGraphScopes -ResourceNameList @("AADConditionalAccessPolicy") -Type Read

Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") -Credential (Get-Credential) -Path "<D:\DSC>" #We need to specify the path where the exported config file needs to be stored.

$TenantCredentials = Import-Csv -Path "<D:\DSC\TenantCredentials.csv>" #Specify the path of the created CSV file.

foreach ($TenantCredential in $TenantCredentials) {
    $TargetCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $TenantCredential.Username, (ConvertTo-SecureString -String $TenantCredential.Password -AsPlainText -Force)

    Update-M365DSCAllowedGraphScopes -ResourceNameList @("AADConditionalAccessPolicy") -Type Update

    .\<Exported_File_Path> -Credential $TargetCredential

    Start-DSCConfiguration -Path .\<MoF_Folder_Name> -Wait -Verbose -Force
}

BTS: What happens within the above code? 

Process 1: During the initial run, you’ll be prompted to input credentials for the source tenant (Tenant A).  

Process 2: After authentication, the configuration file will be exported to the chosen location and then converted into MOF format. 

• For each target tenant (B, C, and D) specified in the loop, you’ll need to authenticate separately during the MOF conversion phase. This ensures that the policy is deployed accurately across all designated tenants. 

Indeed, Microsoft365DSC offers a wide array of capabilities beyond cloning Entra ID group naming policy and Conditional Access policy across tenants. You can use it to: 

• Synchronize admin settings across multiple O365 tenants. 
• Sync the global address list between M365 tenants. 
• Copy Azure AD Conditional Access policies and configurations to multiple tenants. 
• Clone SharePoint Online external sharing settings 
• Sync OneDrive settings across multiple M365 tenants. 
• Bulk update Teams’ meeting settings across different M365 tenants. 
• Duplicate or copy EXO anti-phishing rules configurations across tenants.   
• Clone mailbox automatic reply to the configuration in Exchange Online. 
• Migrate Data Loss Prevention (DLP) compliance policy to multiple tenants. 
• Bulk import Intune settings catalog profiles in another tenant. 

With these capabilities, Microsoft365DSC streamlines the management and synchronization of various settings and policies across multiple M365 tenants. 

Boons of Using M365DSC for Cloning M365 Tenant Configurations 

• Managing multiple tenants: With Microsoft365DSC, handling configurations across multiple M365 tenants becomes effortless. You can establish a consistent baseline for Microsoft 365 security practices across all tenants, by duplicating policies and configurations across multiple tenants. 
• Testing and validation: Microsoft365DSC proves invaluable for testing scenarios. Suppose you need to validate M365 configurations in test tenants before implementing them in the production environment. In such cases, you can simply use Microsoft365DSC to export and import the Microsoft 365 settings from the test tenant to the production tenant once verified. 

Seamlessly Sync M365 Settings with the Clone Assistant– Microsoft365DSC! 

Whether you need to keep everything the same across tenants or copy settings to a single tenant with ease, Microsoft 365 is right there, ready to lend a hand. So, you can simply use this tool, and you’ll find it’s your go-to partner for keeping M365 settings and policies mirrored. 

Hope we have brought much information about how to clone Microsoft 365 service settings using Microsoft365DSC. If you have a query regarding the blog, reach out to us in the comment section.