Mistakes can happen, and unintended adjustments to sensitive Microsoft 365 settings may lead to disruption in tenant security😨. It’s challenging to recall every detail when reassessing altered configurations. The solution? Having a backup copy of tenant settings like Conditional Access policies, mailbox permissions, Teams properties, and more ensures worry-free recovery! 💯
However, Microsoft offers no direct option in the admin centers to retrieve all configurations easily👎. Don’t worry! Microsoft has built a tool of itself “Microsoft365DSC” to simplify the process. With its 2 cmdlets, this tool generates a backup copy and report of every Microsoft 365 setting across all workloads.
Let’s get into the blog and learn how to export and get Microsoft 365 settings report with Microsoft365DSC.
Why We Need to Export and Report Microsoft 365 Tenant Configurations?
Exporting and reporting Microsoft 365 tenant settings is crucial for various reasons:
- Versioning Control and Rollback Changes: It’s like an “undo button” for your Microsoft 365 settings. Before making changes, take a snapshot (“backup”) of your Microsoft 365 tenant settings. If something goes wrong, you can revert to the previous state. This is handy for testing new features or recovering from unexpected issues.
- Tenant-to-Tenant Configuration: When replicating configurations from an existing Microsoft 365 tenant to a new one, manual notetaking and configuration can be cumbersome! A backup copy by PowerShell DSC simplifies this process, ensuring smooth sync with the new Microsoft 365 tenant.
- Enhanced Microsoft 365 Security: Regularly exporting and reporting settings is vital to spot any unauthorized M365 configuration changes. With this data-driven insight, you can make smarter decisions about your tenant security status.
So, to satisfy all the needs, you can simply use the Microsoft365DSC tool and get backup copies and reports of your tenant settings. Let’s see them in detail below.
What is Microsoft365DSC?
Microsoft365DSC is an open-source tool designed to manage and configure your Microsoft 365 tenant using PowerShell Desired State Configuration (DSC). It uses configure-as-code framework to design how your tenant should be!
With the Microsoft365DSC tool, you can,
- Automate Microsoft 365 tenant configurations
- Capture existing Microsoft365 settings as a DSC code
- Generate reports on Microsoft 365 settings
- Monitor for drifts in tenant configurations
- Sync M365 configurations between tenants
- Compare Microsoft 365 settings across multiple tenants.
When coming to our main part, what settings and policies can we export and report with Microsoft365DSC? Here are some:
Must-Get Entra ID Settings and Policies
✅ Download list of Microsoft 365 users with all the attributes
✅ Export named location in Azure AD
✅ Export cross-tenant access settings report
✅ Get Microsoft Entra Authentication Methods policy
✅ Export existing Azure application registration
✅ Export Microsoft Entra service principal
✅ Export Microsoft 365 groups report
Essential Exchange Online Reports
✅ Get Shared Mailbox permissions report
✅ Export Office 365 mailbox permissions
✅ Get Exchange Online safe links policy
✅ View OWA mailbox policy
✅ Export EXO mailbox settings
✅ Get mailbox automatic reply configuration in EXO
✅ Export distribution list members and their settings in Exchange Online
✅ Extract all contacts from Exchange mailboxes
✅ Export EXO anti phishing rules configuration
Microsoft Teams Settings and Reports
✅ Create report about Teams channel policy
✅ Get Teams user properties
✅ Export list of all Microsoft Teams channels
✅ Retrieve Microsoft Teams files policy
✅ Get MS Teams guest meeting configurations
SharePoint Online Security Settings
✅ Export SharePoint Online access requests setting
✅ Get all SharePoint Online sites
✅ Get SPO external sharing settings
✅ Get list of all hub sites in SharePoint
✅ Retrieve SPO storage entity settings
Microsoft OneDrive Report
✅ Export OneDrive settings
Office 365 Fundamental Configurations
✅ Get O365 organization settings
✅ Export O365 admin audit log configurations
✅ Export Office 365 search and intelligence configurations
Security and Compliance Policies
✅ Get auto sensitivity label rule report
✅ Report on compliance search setting
✅ Get DLP compliance policy
Essential Intune Settings and Policies
✅ Capture Intune account protection policy
✅ Get Intune compliance data
The above are a few major settings, but there are many more that you can utilize with M365DSC!
Use Export-M365DSCConfiguration Cmdlet to Export Microsoft 365 Settings
Now, let’s move to export and report Microsoft 365 settings with M365DSC. Before that make sure to install the Microsoft365DSC module. After installing the module, utilize the “Export-M365DSCConfiguration” cmdlet.
Note:
- Older version: This module had a user-friendly Graphical User Interface (GUI), allowing you to easily select or deselect settings based on your needs.
- Newer version: In the current version, it operates differently, requiring you to specify parameters for capturing specific settings, which might be a bit more advanced.
Let’s delve into both methods in detail now!
1. Use Microsoft365DSC and Do Automated Tenant Backup with PowerShell
The current versions do not automatically launch GUI! ☹️You need to specify parameters in the cmdlet itself to define the scope, output format, and other details. Once you run the cmdlet with the required parameters, it automatically starts the capture process without further user interaction.
For example, you need to use the –Component parameter to specify the array of components you wish to capture.
1 |
Export-M365DSCConfiguration -Credential (Get-Credential) –Components @ (“AADApplication”) |
Note: When you execute “Export-M365DSCConfiguration” without parameters, it exports settings under the default category. To examine the settings under the Default mode, you can alter the selection mode in the web user interface and review them.
Here are some of the other important parameters that are supported by the Microsoft365DSC export cmdlet:
Parameter | Description | Sample Cmdlet |
-FileName | To specify the name of the exported file. | Export-M365DSCConfiguration -Credential (Get-Credential) –FileName “M365TenantConfigurations” The above cmdlet will export the file and save it with the name “M365TenantConfigurations”. |
-Components | To export specific Microsoft 365 settings. | Export-M365DSCConfiguration -Credential (Get-credential) –Components @(“AADApplication”) The mentioned cmdlet will export only the specific setting “Azure AD applications”. You can also use it to get other settings too. |
-ConfigurationName | To specify the DSC object inside your exported configuration file. | Export-M365DSCConfiguration -Credential (Get-Credential) –Components @(“AADApplication”) -ConfigurationName “myAAD” The provided cmdlet exports the file with the DSC object “myAAD”. You can verify this by referencing the object next to the Configuration parameter. For instance, it appears as follows in your file. Configuration myAAD |
-Filters | To filter and extract specific data. | Export-M365DSCConfiguration -Credential (Get-Credential) –Components @(“AADApplication”) -ConfigurationName “myAAD” –Filters @{ AADApplication = “startsWith(displayName, ‘Microsoft‘)” } The above cmdlet will retrieve only Entra ID applications with display names starting with “Microsoft”. |
-Path | To specify the path of the exported file. | Export-M365DSCConfiguration -Credential (Get-Credential) –Components @(“AADApplication”) -Path ‘D:\M365’ The above cmdlet will store the exported AAD applications file in “D:\M365” path. You can alter it based on your need. |
-Workloads | To specify the array of various workloads you want to capture the configurations. | Export-M365DSCConfiguration -Credential (Get-Credential) –Wokloads @(“AAD”, “EXO”) The above cmdlet will export settings of only Exchange Online and Entra ID. You can change this based on your requirements. |
-Mode | To specify the selection mode “Default”, “Lite”, and “Full” to select the pre-selected settings based on your requirements. | Export-M365DSCConfiguration -Credential (Get-credential) -Mode ‘Default’ The above cmdlet will export the pre-selected settings of a Default mode. You can use it to export settings of other modes too. |
2. Export Microsoft 365 Tenant Settings with Microsoft365DSC – “LaunchWebUI” Switch:
While the current version defaults to unattended capture, you can still use the revamped web-based user interface for component selection. Here are the steps to achieve that.
Step 1: Run the export cmdlet with the “-LaunchWebUI” switch like below. You can also use this direct link.
1 |
Export-M365DSCConfiguration -LaunchWebUI |
Step 2: This action automatically opens a web browser interface. There, you can selectively choose configurations of each Microsoft 365 service as per your requirements.
- Also, you can utilize selection modes like “Full,” “Lite,” and “Default” in the UI to export specific pre-selected settings by Microsoft categorized under each mode.
Step 3: Once selected, click the “Generate” button at the top right corner to display a PowerShell cmdlet.
Step 4: Copy the cmdlet and paste it in the PowerShell console. Once done, run the cmdlet and you will be prompted for credentials.
Step 5: Once it has exported all the configurations, the system will prompt you to enter the location to store the file.
That’s it! The output file will get exported in .ps1 format. You can view the file in the respective location and can use the copied setting to another tenant.
Note: The best part of exporting a M365 configuration is that you can use the same code to update configurations instead of creating a new DSC from scratch. In simple, it’s a “ReverseDSC” process. This approach saves time and ensures consistency in your configurations.
As you have acquired the steps to export the tenant settings using Microsoft365DSC, let’s dive into the steps to generate a report from the exported configuration file.
Get Reports on Microsoft 365 Settings with Microsoft365DSC
Imagine you and your co-admins are working on revamping your Microsoft 365 tenant settings. You share the DSC code you wrote or exported, but your co-admins aren’t code experts. How can they make sense of it all? No need to stress! 😉
Microsoft 365DSC tool steps in, making it easy by creating a user-friendly report from any configuration. You can generate reports in excel, HTML, or JSON formats for seamless collaboration.
It’s simple – just use the “New-DSCReportFromConfiguration” command and choose the format you want!
IMPORTANT: This command works with an existing configuration file, so make sure to save it in .ps1 format.
Use New-M365DSCReportFromConfiguration Cmdlet to Export Microsoft 365 Settings into CSV
To generate reports in CSV format, run the Microsoft365DSC cmdlet below.
1 |
New-M365DSCReportFromConfiguration -type Excel –ConfigurationPath <Enter the path of the existing .ps1 formatted DSC file > -OutputPath <Path for the output excel file report> |
Once you run the above cmdlet, an excel report from a configuration automatically opens the Excel client, smoothly loading data into it. Upon completion, columns are resized to fit content, and key parameters are formatted in bold.
Get a HTML Report with New-M365DSCReportFromConfiguration Cmdlet
To generate reports in HTML format, run the Microsoft365DSC cmdlet below.
1 |
New-M365DSCReportFromConfiguration -type HTML –ConfigurationPath <Path of the existing .ps1 formatted DSC file> -OutputPath <Path for the Output HTML file> |
Once executed, the cmdlet saves the report in the specified output path. It’s important to note that the report doesn’t automatically open in a web browser after creation.
Effortlessly Use Microsoft365DSC to Export Microsoft 365 Settings Now!
That’s all! You have your exported DSC file and handy reports in your hands! What’s more!
✅ Opt for seamless modifications by tweaking your existing code rather than from scratch!
✅ Treat it as your fail-safe backup and enhance Microsoft 365 security!
✅ Effortlessly generate insightful reports, delve into deeper analysis, and identify areas that require adjustments.
I hope this blog brings you a lot of information about how to export and get Microsoft 365 settings with Microsoft365DSC in detail. Furthermore, feel free to reach out to us in the comment section for any queries.