Configure Entra ID with PowerShell Desired State Configuration
Strictly by the Book
If you follow the rules and keep the configurations of multiple tenants, testing, integration, and production in harmony or regularly have to check and document the most important security settings in the Microsoft cloud, you will certainly already have devised ways and scripts to make your work easier. One of the most interesting tools in this field, and one that is increasingly finding its way into the corporate landscape, is Microsoft 365 Desired State Configuration.
The idea behind the project is to equip the PowerShell DSC framework for the Microsoft Cloud and provide features such as documentation, change detection, change rollback, and configuration clones. Anyone already familiar with PowerShell DSC for Windows Server, for example, will quickly be able to find their way around Microsoft 365 DSC. The project includes many Microsoft 365 products. In this article, I look at examples from Entra ID.
Initial Configuration
For testing purposes and to create some initial configuration prototypes, you can install the Microsoft365DSC PowerShell module on a test computer or your own machine with access to a test tenant:
Install-Module -Name Microsoft365DSC
The installation usually ends after a few minutes without a word. It does not hurt to update the dependencies after installation:
Update-M365DSCDependencies
Once the setup is complete, proceed to load the module by typing
Import-Module Microsoft365DSC
If you have not yet allowed any external scripts on the system, PowerShell outputs an error message telling you first to change the execution policy with
Set-ExecutionPolicy
before starting your first experiment and inspecting the configuration of TenantDetails
:
Export-M365DSCConfiguration -Components @('AADTenantDetails') -Path...
Buy this article as PDF
(incl. VAT)