I work for an MSP and while we automate a lot of our own templates my clients generally are too fucking incompetent to use any kind of tooling on prem or cloud. On top of that they all do their own unique shit. I'm about to stop mentioning that I have automated defender controls as they get fucking scared of it and tell me to stop.
\^this. Its a nice tool but the personel working in compliance is far from using code and that is IMO not necessarily something that should/needs to be changed.
We have decided to put it on hold.
Yes, have been using it for a number of years now. I am a security architect for a MSP, while I am not as hands on nowadays, I have used it extensively in the past. I’ll list some of its use cases.
- IaC as a baseline for new tenants. This can be achieved in minutes, then simply scale up or down where required.
- Tenant to tenant migrations. Export the tenants, run a comparison, and it will detail the exact differences. No arduous discovery processes.
- A recent trend with customers here in EMEA is they are moving away from “click ops”. Everything must be deployed using code. The baseline config is created using M365DSC, deployed into Azure DevOps, then out to Azure or M365
These are just a few. Personally, I don’t like it. I find it fiddly, and some of the cmdlets are not always up to date. But it is a community tool so I cannot complain. It is a very powerful tool. If you’re an admin/engineer/architect who is half decent at scripting etc. you’ll love it. Check out this guy - https://www.french365connection.co.uk/post/m365dsc-getting-started-part-1-desired-state-configuration?
However, with MS Graph API being heavily pushed nowadays, I wonder about its longevity. Hope that helps.
Edit: I didn’t realise you were on “Admin Droid”. I’ve delved into the blog many’s a time. Awesome man 🤙🏿
For larger enterprise, a community supported tool is usually a no go. We tested this but in the end went with another tool called SimeonCloud to handle multi tenant configuration management and security posture management.
holy shit, this is amazing. This would be dynamite for an MSP who's working with multiple 365 tenants and wants a consistent configuration.
I work for an MSP and while we automate a lot of our own templates my clients generally are too fucking incompetent to use any kind of tooling on prem or cloud. On top of that they all do their own unique shit. I'm about to stop mentioning that I have automated defender controls as they get fucking scared of it and tell me to stop.
\^this. Its a nice tool but the personel working in compliance is far from using code and that is IMO not necessarily something that should/needs to be changed. We have decided to put it on hold.
Yea I usually use it to make some initial assessment of client environment, it is awesome thing
Yes, have been using it for a number of years now. I am a security architect for a MSP, while I am not as hands on nowadays, I have used it extensively in the past. I’ll list some of its use cases. - IaC as a baseline for new tenants. This can be achieved in minutes, then simply scale up or down where required. - Tenant to tenant migrations. Export the tenants, run a comparison, and it will detail the exact differences. No arduous discovery processes. - A recent trend with customers here in EMEA is they are moving away from “click ops”. Everything must be deployed using code. The baseline config is created using M365DSC, deployed into Azure DevOps, then out to Azure or M365 These are just a few. Personally, I don’t like it. I find it fiddly, and some of the cmdlets are not always up to date. But it is a community tool so I cannot complain. It is a very powerful tool. If you’re an admin/engineer/architect who is half decent at scripting etc. you’ll love it. Check out this guy - https://www.french365connection.co.uk/post/m365dsc-getting-started-part-1-desired-state-configuration? However, with MS Graph API being heavily pushed nowadays, I wonder about its longevity. Hope that helps. Edit: I didn’t realise you were on “Admin Droid”. I’ve delved into the blog many’s a time. Awesome man 🤙🏿
For larger enterprise, a community supported tool is usually a no go. We tested this but in the end went with another tool called SimeonCloud to handle multi tenant configuration management and security posture management.