Photo by Will Myers on Unsplash
Microsoft 365 DSC
Outliers
In the Microsoft 365 environment, with its variety of configurations and multiple tenants to manage, Desired State Configuration (DSC) is an ideal way to track changes and reset a configuration to the desired state. Microsoft provides a great deal of information about the project [1], but in my experience, some of it is outdated. This article refers to the version available March 2022.
Preparations for DSC
Before setting up Microsoft 365 DSC (M365DSC), you need to create an Azure Active Directory (Azure AD) application that you will use later to authenticate the PowerShell script. Alternatively, you could log in with a username and password; I will look at the advantages and disadvantages of these methods in detail.
When authenticating with an Azure AD application, you use either a certificate you create yourself or a client secret. This example uses a certificate because it is the approach currently recommended by Microsoft. In the course of creating the Azure AD application, the certificate is stored in the certificate store of the currently logged in user – authentication only works for this user.
Working with SharePoint Online is essential in Microsoft 365, so most administrators use the PowerShell Office PnP module. Other approaches use the Azure AD web portal. However, I'll take the Office PnP route to create the Azure AD application. If you don't have the module installed, the following commands install it and grant the necessary rights to the PnP management shell in an administrative PowerShell:
Install-module PnP.PowerShell Register-PnPManagementShellAccess
Then, create the Azure AD application with:
Register-PnPAzureADApp -ApplicationName DSCAuthApp -Tenant <tenant name on>.microsoft.com-OutPath c:\DSC-CertificatePassword (ConvertTo-SecureString -String...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Configure Entra ID with PowerShell Desired State Configuration
Configuration and security of authorization assignment and access control by Entra ID, formerly Azure Active Directory, requires careful consideration. We reveal how configuration as code works with PowerShell and Microsoft 365 DSC for tenant configuration in Entra ID. -
PowerShell scripts for managing Microsoft 365 components
Manage the various components of Microsoft 365 with PowerShell scripts that use modules culled from various Microsoft products. -
Manage guest accounts in Azure Active Directory
Cross-tenant access settings and user-friendly Access Reviews simplify the management of guest accounts in Azure Active Directory. -
App Proxy support for Remote Desktop Services
Support flexible working environments with Remote Desktop Services and Azure AD Application Proxy. -
Setting up and using Azure Active Directory
Azure Active Directory from Microsoft provides advanced, centralized authentication in the cloud. We show what this powerful system can do.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
