Updated 2 months ago

How to Manage Microsoft 365 Settings Using Microsoft365DSC

by Sudha

7 min read

No Comments

As Microsoft 365 admins, 😎 many of us have searched these questions regarding Microsoft 365 management:

  • How to automate Microsoft 365 settings in Office 365?
  • How can admins get the Microsoft 365 settings report?
  • How can I easily monitor Microsoft 365 configuration changes?
  • How to clone Microsoft 365 settings during Microsoft 365 tenant-to-tenant migration?
  • Is it possible to compare tenant configurations of two Microsoft 365 tenants?

Obviously, you would have received answers suggesting third-party tools for tenant-tenant migration, Microsoft 365 audit logs reports for monitoring changes, and PowerShell scripts for automation. However, they might not meet your requirements due to their limitations: lack of alerting capabilities, flexibility, costs, module installations, and manual efforts. 💯

But Microsoft hears your hassle louder! Yes, Microsoft lends you a free Microsoft365DSC tool for better Microsoft 365 management. Let’s see how you can effortlessly manage Microsoft 365 settings using Microsoft365DSC! 👇

What is Microsoft365DSC Tool?

Microsoft365DSC is an open-source, comprehensive tool designed to configure and manage your Microsoft 365 tenant in a Configuration-as-Code approach. With its base PowerShell Desired State Configuration (DSC) framework, you can make your Microsoft 365 tenant configuration secure and stable! 😉

Microsoft365DSC has the top 5 capabilities that can help you manage your tenant configs efficiently:

Automate | Export and Report | Clone | Monitor | Compare.

  1. Automate Microsoft 365 settings using Microsoft365DSC
    Streamline Microsoft 365 configurations, settings, and policies deployment effortlessly.
  2. Export and report Microsoft 365 tenant settings
    Get comprehensive and handy Microsoft 365 tenant settings reports with ease.
  3. Monitor configuration drifts in Microsoft 365
    Stay vigilant with real-time monitoring of Microsoft 365 configuration changes.
  4. Compare configuration of two Microsoft 365 tenants
    Compare configurations of one Microsoft 365 tenant with another tenant to track missed configurations.
  5. Sync Microsoft 365 settings between tenants using Microsoft365DSC
    Seamlessly synchronize tenant configurations during Microsoft 365 tenant-to-tenant migration.

Now, reconsider those daunting questions. Can you tackle them all with a single tool? Absolutely! That’s the supremacy of Microsoft365DSC – the one tool to rule them all. 🚀 Let’s explore these capabilities and know how efficiently you can manage Microsoft 365 settings using Microsoft365DSC in detail!

1. Automate Microsoft 365 Settings with Microsoft365DSC

As an admin, configuring the tenant with Microsoft 365 security best practices is essential. But deploying it effectively without any misalignment in Microsoft 365 is your major task! However,

Manually deploying crucial settings needs tab switching and sometimes may cause misconfigurations.
❌ Switching tabs during manual configuration is complex.
PowerShell automation solves it but requires multiple module installations.

✅ With Microsoft365DSC:

By installing the single Microsoft365DSC module, you can automatically deploy Microsoft 365 settings and policies in your tenant. To automate Microsoft 365 settings using Microsoft365DSC, admins need to use the “Start-DscConfiguration” cmdlet.

For detailed steps on automating Microsoft 365 settings, follow the instructions provided here:


Which Settings Can Be Automated Using M365DSC?

With Microsoft365DSC, you can configure settings across various Microsoft 365 workloads in a single go. This powerful tool simplifies administration tasks and boosts efficiency. Here are some of the Microsoft 365 service settings/tasks you can automate with Microsoft365DSC:

2. How to Export the Microsoft 365 Settings Report Using Microsoft365DSC?

Misconfigurations may occur, and sometimes even changes made by attackers can slip through. Recalling every detail during the reassessment of altered configurations is challenging. The perfect solution? Having a backup copy of tenant settings is essential. However,

❌ There hasn’t been a direct option to backup Office 365 settings and policies.

✅ With Microsoft365DSC:

But you can effortlessly backup all your Microsoft 365 tenant configurations into CSV/JSON format with Microsoft365DSC. Using the “Export-DSCConfiguration” and “New-M365DSCDeltaReport” cmdlets, you can easily export all Office 365 settings and generate reports on them. Once done, you can utilize the backup copy for versioning control, resetting Office 365 settings changes, Microsoft 365 tenant-to-tenant migration, and more.

For comprehensive guidance on exporting Microsoft 365 settings with M365DSC, refer to the instructions outlined here.


Export Microsoft 365 Tenant Configurations Using Microsoft365DSC

Exporting and regularly reporting crucial settings is made easy with the Microsoft365DSC tool. Here are some of the critical Microsoft 365 service settings you can export and track periodically for changes using Microsoft365DSC.

  • Get Microsoft Entra Authentication Methods policy.
  • Export mailbox automatic reply configuration in EXO.
  • Export distribution group members and their settings in Exchange Online.
  • Export Office 365 search and intelligence configurations.
  • Get the DLP compliance policy report and more!

3. Audit Microsoft 365 Settings Changes Using Microsoft365DSC

Any changes made to the baseline Microsoft 365 security configuration and policies can severely affect the overall organization’s security. So, it is required to keep your eyes wide open for any sneaky changes in Microsoft 365 settings! However,

❌ Relying solely on Microsoft 365 audit logs may seem practical. But it’s tough to identify specific setting changes amidst the noise of all user and application activities logs.
❌ You can’t get notified about or take steps to auto-correct config drifts from the Microsoft 365 audit logs.

✅ With Microsoft365DSC:

You can easily conduct configuration changes auditing in Microsoft 365 using the Microsoft365DSC tool. Once you configure M365 settings using Microsoft365DSC, that’s it! From that time, the LCM will monitor for configuration drifts in Microsoft 365 every now and then. But Microsoft365DSC doesn’t stop there! You can,

  • Log all configuration changes in Windows Event Viewer. 📄
  • Receive instant alerts through emails by integrating M365DSC with Azure DevOps. 🔔
  • Automatically reset drifted M365 settings and policies to their previous state with the “ApplyAndAutoCorrect” LCM configuration. 🔁

Here are the steps to monitor Microsoft 365 settings effectively using Microsoft365DSC.


monitor Microsoft 365 changes with M365DSC

Which Settings Can be Monitored with M365DSC?

Below are some of the Microsoft 365 configuration drifts you can log in to Event Viewer using M365DSC. It not only logs the changes in the settings listed below but also records everything specified in the M365DSC export cmdlet Web UI.

  • Track Entra ID Cross-tenant access settings changes.
  • Audit changes to Exchange Online mailbox properties.
  • Audit SharePoint external sharing settings drift in Microsoft 365.
  • Monitor settings of OneDrive in Microsoft 365.
  • Monitor misconfigured auto sensitivity label rule and more!

4. Use Microsoft365DSC to Compare Microsoft 365 Tenant Settings

Imagine you have two Microsoft 365 tenants: one frequently targeted by attackers and the other highly secure. To strengthen the vulnerable tenant, you may consider identifying missed or misconfigured settings from the secure M365 tenant and implementing them. However,

❌ Manually noting settings and checking them with the victim tenant may be your first thought, but it’s quite daunting.
❌ Microsoft also offers no option to get discrepancy reports for two Microsoft 365 tenant configurations.

✅ With Microsoft365DSC:

Here comes the Microsoft365DSC – Your config comparison tool! You can generate a discrepancy report in both HTML and JSON formats by comparing a tenant’s configuration against another using Microsoft365DSC. This report showcases missed configurations and settings that differ between the Microsoft 365 tenants.

  • You can also compare two configuration files of a single Microsoft 365 tenant over time using “New-M365DSCDeltaReport” cmdlet.
  • Additionally, you can assess any Microsoft 365 tenant settings against a blueprint using “Assert-M365DSCBlueprint” cmdlet.

Follow these steps for detailed guidance on comparing Microsoft 365 settings with Microsoft365DSC.


Compare-Manage Microsoft 365 settings using Microsoft365DSC

Compare Different Microsoft 365 Service Settings with M365DSC

Comparing configurations across multiple tenants allows you to identify security best practices and seamlessly apply them to all tenants. Here are the Microsoft 365 configurations you can compare using M365DSC and implement across all tenants:

  • Get Microsoft 365 Conditional Access changes report.
  • View the OWA mailbox policy changes report.
  • Retrieve Teams channel policy drifts report.
  • Get Intune account protection policy changes report and more!

5. How to Clone Microsoft 365 Service Settings Using Microsoft365DSC?

When migrating from one tenant to another, replicating the same settings is crucial to maintain consistent security in the new environment. However, this process can be challenging:

❌ Relying on several third-party migration tools for different Microsoft 365 services.
Missing out on crucial Microsoft 365 settings, which can impact Microsoft 365 security.

✅ With Microsoft365DSC:

No need to invest in multiple third-party migration tools anymore! Because you can have the clone assistant – the Microsoft365DSC tool! 😎. With the dynamic duo “Export” and “Deploy” capabilities of M365DSC, you can easily sync Microsoft 365 settings from one tenant and import them into another. You can also use the M365DSC to keep everything the same across multiple tenants or copy settings to a set of tenants.

Explore the detailed configuration steps provided here to clone Microsoft 365 settings.


Settings You Can Clone Between Tenants Using M365DSC

Microsoft365DSC mainly helps during test and validation scenarios. You can review important settings in a test tenant and then easily replicate them in production tenants using Microsoft365DSC. Here are some of the M365 settings you can clone between tenants after testing.

  • Cross-tenant synchronization of Microsoft 365 users and group settings.
  • Sync M365 contacts and guest users in another tenant.
  • Migrate mailboxes and service settings from one tenant to another tenant.
  • Export and import Azure configuration in a new tenant.
  • Copy the entire SharePoint Online site settings to another Office 365 tenant and more!

Fundamental Settings You Can Clone Across Tenants with M365DSC

Microsoft365DSC not only assists during tenant-tenant migration processes but also aids in managing multiple tenants. Here are some of the M365 settings you can clone across multiple tenants using M365DSC.

  • Synchronize admin settings across multiple O365 tenants.
  • Export Azure AD Conditional Access policies and import to multiple tenants.
  • Bulk import Intune settings catalog profiles in another tenant.
  • Duplicate or copy EXO anti-phishing rules configurations across tenants and more!

Effortlessly Manage Microsoft 365 Settings Using Microsoft365DSC!

The all-in-one tool is, of course, the Microsoft365DSC tool. Whether it’s managing, configuring, or extracting Microsoft 365 tenant configurations, M365DSC stands beside you to simplify the process. So why wait? Install Microsoft365DSC today and manage your tenant efficiently!

I hope this blog brings you more information about how to manage Microsoft 365 settings using Microsoft365DSC tool. Furthermore, feel free to contact us in the comment section for more assistance needed.

Share article