How To Configure Tenant – Tenant Migrations in Microsoft 365?

Discover how to easily configure tenant migrations in Microsoft 365.

Tenant-tenant migrations require businesses to keep a record of changes made as this information is useful for mergers, acquisitions, and divestitures (MAD) projects. All these complexities can be solved by using Microsoft 365’s Desired State Configuration, and this article explains how.

Introduction to Microsoft 365 Desired State Configuration (DSC)

  • One of the most complex and challenging tasks in a Microsoft 365 tenant is to maintain workload configurations. While small and medium-sized businesses (SMBs) hire system administrators to manage an entire tenant, large businesses need to hire several people who can manage different workloads. Furthermore, in large businesses, it is crucial to make sure configuration and administration are consistent across the board.

DSC configurations are declarative PowerShell scripts that enable code to run in its desired state by configuring instances and resources. Resources reside in PowerShell modules and contain the code keeping the target configuration in place.

  • A system having a DSC configuration will run a Local Configuration Manager (LCM). At a set polling interval, the LCM interacts between resources and configurations. If the system is out of state with the desired configuration, this will be detected by the LCM. The LCM then calls the code from the resource modules to update the configuration to the desired state.

DSC is used and supported by several Microsoft technologies such as Windows Server, Exchange Server, and SharePoint Server. Microsoft DSC modules support different workloads with a tenant.

Benefits of Microsoft 365 DSC

  • A tenant-tenant migration can consist of some or all workloads. Microsoft 365 DSC can extract attribute settings’ configuration from the source tenant and upload it to the target tenant.

Depending on the number of workloads and resource parameters, the initial configuration deployments can take as much as an hour to complete. Once the settings are applied to the tenant, two possible scenarios arise.

  • The first scenario is that the target tenant will accept the settings, and hence the configuration is applied successfully. The other scenario is that the target tenant will reject the settings, which can only be fixed by the system administrator.

Building a Microsoft 365 Environment

  • Microsoft 365 DSC supports PowerShell versions 5.1 and 7.1, whereas the minimum OS requirement is Windows Server 2016 due to PowerShell versions. Microsoft documents are available to guide users to successfully connect PowerShell to Microsoft 365 workloads.

tenant migrationsWhile modern authentication isn’t yet available for DSC workloads, most users opt for the basic level of authentication (user name and password). However, the recommended and preferred method is to create an Azure AD registered app with the required API permissions granted to the app. This allows the use of certification-based authentication. This authentication helps to minimize cyber security risks.

  • If required, PFX can be protected on the DSC server, and the thumbprint can be hashed out. For this purpose, an Azure AD app should be created with the tenant ID, client application ID, and the certificate thumbprint or client secret. To run the Azure AD app successfully, it will need to be created in both the source and target tenants with the same API permissions.

Microsoft offers extensive documentation to aid users in setting up the Azure AD app. The resources you would want to include in your configuration will require permissions granted to the application. For a tenant-tenant migration, the usual workloads include OneDrive, Exchange Online, Teams, and SharePoint Online.

Microsoft 365 is a powerful SaaS that offers many tools and resources to users for collaborating, email and office work, file storage, cloud services, automation, and for boosting productivity at the workplace. If you are interested in Microsoft 365, then get in touch with us. We at Henson Group are one of the best-managed service providers (MSP) for Microsoft. Our team of specialists will help with your migration journey and answer any queries. Contact us today to book your appointment with a specialist now.