Desired State Configuration without Managing PowerShell Code

Cybersecurity
Written by
Published on
December 9, 2021

What is Desired State Configuration (DSC)?

Back in 2008, Microsoft added a new technology to PowerShell and named it Desired State Configuration or DSC. In essence, DSC is the framework that delivers and gives the user tools to maintain configuration. Desired State Configuration allows you to define your environment’s aspired state with a simple declarative syntax that has been added into the PowerShell script. It is then assigned to each target server in your environment. This is especially useful for the issues that arise during configuration drifts. Thus, DSC helps you develop and deploy incremental changes to your configuration over time without worrying about putting your systems in an undesired state. What's more, you can do all this without using complicated logic in your script.

The Magic Behind DSC Theory

The foremost benefit of DSC is that it allows you to dictate the environment configuration and maintain your deployment scenarios. It also helps you to:

1. Get Idempotency: Reach the desired state despite the current state by applying the entire configuration

2. Allow Versioning: Add/remove known versions of your environments according to your needs

3. Bypass Issues: Environmental differences between development and production in DSC allow you to dodge alarming issues

4. Get Desired Dependencies: State the application environment-specific dependencies in code and take them along in version control.

5. Achieve Continuous Deployment: DSC decreases the complexity involved in scripting, thereby making it possible to increase the speed of iterations for any complex configuration

Applying DSC on Office 365

Apart from being a platform that continues to expand, Office 365 continues to be a considerable risk surface. Despite offering some excellent configurations and features to take care of the advanced threat landscape, the real-world issue of applying the 'know-how' of configurations remains a challenge. Consequently, making changes to any configuration in Office 365 can be cumbersome to test and burdensome to track and revert.

To overcome this gap, Microsoft engineers have provided a useful open source library called Microsoft365DSC which is maintained by the community. This module allows businesses to leverage PowerShell Desired State Configuration to automate Microsoft 365 tenant deployment, configuration, and monitoring.  What it means?

1. A simple installation of the module can extract the whole configuration of any existing tenants using the ReverseDSC

2. Its continuous monitoring feature will automatically detect a config drift and fix it, log it and even notify the admins on email

3. Generate a discrepancy report by comparing the tenant against a known effective configuration. It also makes validating the current tenant configurations with the industry's best practices easy, with a single line command

What is the Issue Though?

While this library is very useful, and generously maintained by volunteers, using it practically for business or enterprise multi-tenant management has a number of challenges especially for service providers

  1. Open source: It has no funded maintenance. Community projects have no dedicated support for bugs or guaranteed release cadence
  2. New Features: If you require new features your only recourse is the will of a generous community participant not a business who you are paying
  3. Maintaining the Deployment: You must deploy and maintain the code yourself
  4. Advanced Multi Tenant Automation: The library has limited multi-tenant capabilities for
    - Onboarding
    - Tenant Management
    - Reports Management
  5. Accountability.  When it goes wrong the community will help but will not take the blame.  You will have to carry that burden  

Is there any Solution?

An expert team with leaders having years of experience in SaaS and automation in security, we noticed how this gap impacted MSPs, IT consultants and security professionals, preventing them from delivering consistent and continuous best practice security with confidence.  

We decided to build an automation technology that would help configure Office 365 security within clicks and ensure that it stays that way so the professionals can finally breathe a sigh of relief and focus on growing their business.

A True Multi-Tenant SaaS Automation

Octiga’s Multi-Tenant Office 365 security Automation is a fully funded and maintained public SaaS service. For a reasonable fee, you will get all that seamless SaaS has to offer.  If we don’t have a specified Desired State Configuration item (we call them Baselines), you can talk to us, write a script and hand it over to our team for sanitation and quick deployment so you can reap the benefits inside our advanced baseline engine.  What’s more, our solution focuses on all aspects of Office 365 security including

  • Breach and Risk Monitoring with zero onboard configuration  
  • One click multi-tenant onboarding and quick switching
  • Best Practice Security Baselines (DSC), Risk analysis and Breach Analysis
  • In App detection, monitoring and remediation of all security concerns

Conclusion

Desired State Configuration brings a powerful management capability for your infrastructure. For Microsoft 365 security, the real value is created when this capability is stretched out to fit the unique business needs of every organisation. Octiga has made an effort to realise this capability for you. Its one-click remediation, security best practice baseline templates, universal risk dashboard with targeted alerts, CIS Benchmarking, and legacy breach detection ensures that all your Office 365 security needs are met in a single place in seconds. Book a quick 15 minutes session with our experts to learn more.

Take Octiga for a spin

See what your team can do with a single platform