Photo by Tom Hermans on Unsplash
Configure Entra ID with PowerShell Desired State Configuration
Strictly by the Book
If you follow the rules and keep the configurations of multiple tenants, testing, integration, and production in harmony or regularly have to check and document the most important security settings in the Microsoft cloud, you will certainly already have devised ways and scripts to make your work easier. One of the most interesting tools in this field, and one that is increasingly finding its way into the corporate landscape, is Microsoft 365 Desired State Configuration.
The idea behind the project is to equip the PowerShell DSC framework for the Microsoft Cloud and provide features such as documentation, change detection, change rollback, and configuration clones. Anyone already familiar with PowerShell DSC for Windows Server, for example, will quickly be able to find their way around Microsoft 365 DSC. The project includes many Microsoft 365 products. In this article, I look at examples from Entra ID.
Initial Configuration
For testing purposes and to create some initial configuration prototypes, you can install the Microsoft365DSC PowerShell module on a test computer or your own machine with access to a test tenant:
Install-Module -Name Microsoft365DSC
The installation usually ends after a few minutes without a word. It does not hurt to update the dependencies after installation:
Update-M365DSCDependencies
Once the setup is complete, proceed to load the module by typing
Import-Module Microsoft365DSC
If you have not yet allowed any external scripts on the system, PowerShell outputs an error message telling you first to change the execution policy with
Set-ExecutionPolicy
before starting your first experiment and inspecting the configuration of TenantDetails:
Export-M365DSCConfiguration -Components @('AADTenantDetails') -Path ...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Microsoft 365 DSC
The declarative PowerShell Desired State Configuration extension supports easy and transparent configuration of systems and applications. We describe the fairly complex initial setup and use of the Microsoft 365 Desired State Configuration. -
Recovering from a cyberattack in a hybrid environment
Restoring identity is an important part of disaster recovery, since it lays the foundation for restoring normality and regular operations. We look into contingency measures for hybrid directory services with Entra ID, the Graph API, and its PowerShell implementation. -
PowerShell scripts for managing Microsoft 365 components
Manage the various components of Microsoft 365 with PowerShell scripts that use modules culled from various Microsoft products. -
Remotely managing web access servers
The Windows PowerShell web-based console lets you run PowerShell commands and scripts in your browser. -
Use PowerShell to manage Exchange Online
Exchange Online in Office 365 can be managed just like its local counterpart with similar, sometimes identical, PowerShell cmdlets.