The Microsoft website : https://microsoft365dsc.com/ explains all things, regarding Microsoft DSC, including configuration, export, import, synchronisation etc..
Microsoft have made things a lot easier compared to earlier versions of Microsoft365 DSC. It is now possible to select which configuration policies can be backed up and re-used from the numerous M365 technologies via the Microsoft365DSC Portal: https://export.microsoft365dsc.com
This blog post will focus on the most common M365 configurations that can be re-used in multiple M365 tenants, to speed up deployment and also remove human error, which can often occur from manual configuration.
Where to start
Browse to https://export.microsoft365dsc.com/ and then select the configuration items per M365 technology, that you would like to re-use in, another M365 tenant, tenants’ or a research and development M365 tenant.
Microsoft Entra ID \ Azure Active Directory
The items highlighted in yellow, could be potentially be used per M365 tenant, tenants’ or a research and development M365 tenant.
Items : Highlighted in red
Microsoft have recently added, conditional access templates, which was a very welcome addition, however, I still prefer to use PowerShell to implement Conditional Access Policies, which can be unique per organisation.
Exchange Online
The items highlighted in yellow, could potentially be used per M365 tenant.
I do not like using the Exchange Online, standard and strict protection templates, as they cannot be re-configured.
My preference is to run an Exchange Online Orca Report and then review the recommendations and tweak the configuration per organisation. Microsoft Exchange Online security policies should always come first.
Intune
Intune DSC, for me, this is by far the most beneficial use case.
Device security ( Jeffrey Appel’s : Defender for Endpoint – Ultimate Blog Series)
Jeffrey’s blog series, doesn’t just focus on Microsoft Defender for Endpoint configurations, it includes a lot of Windows 10 and later, hardening policies, which should be used in every organisation. It takes a long time to configure these policies! M365 DSC can, re-use these configurations polices, if Jeffrey, updates his blog series, the change can be made in a research and development M365 tenant, tested and then pushed to a production tenant.
The following images that contain items highlighted in yellow , could be potentially used per M365 tenant.
Additional M365 DSC modules
- Office 365 : do not re-use per M365 tenant
- OneDrive: do not re-use per tenant, however an Intune ‘IntuneDeviceConfigurationAdminisrativeTemplatePolicyWindows10; can be re-used to configure One Drive for Business configuration and governance
- Planner : do not re-use
- Power Platform : do not re-use
- Security and Compliance: do not re-use, (unique per organisation)
- SharePoint : do not re-use, (unique per organisation)
Teams
The following images that contain items highlighted in yellow , could be potentially be used per M365 tenant
Summary
This blog post , attempted to highlight the practical and beneficial usage of M365 DSC.
An IT services provider can, standardise configurations in line with best practices and re-use these configurations per customer.
Microsoft consistently drives innovation and adaptability to meet evolving industry demands.
An organisation can test emerging M365 technologies in a research and development M365 tenant, and when the organisation has completed testing etc, the configuration can be synchronised to the organisation’s production tenant or tenants’, which can control and mitigate risks, with regards, simply allowing an M365 tenant accept all new and emerging technology features from Microsoft. It can also accelerate the adoption of new and emerging technology features from Microsoft, when an organisation has fully tested these new features and is ready to deploy the new features in their production tenant or tenants’
If anyone, or any organisation would like some further assistance with this, please get in touch with me via LinkedIn : https://www.linkedin.com/in/seanofarrelll/
Cloud-Secure.ai 