M365 DSC Purview DevOps

Configuring Microsoft Purview with Microsoft 365 DSC

How to use M356 Desired State Configuration with Azure DevOps to automate your M365 configuration and to maintain it using code

Introduction

Microsoft 365 Desired State Configuration (DSC) is a powerful tool that allows administrators to manage and configure their Microsoft 365 environments using code. One of its key applications is configuring Microsoft Purview, which provides comprehensive data governance and compliance solutions. By using DSC, you can automate the setup of data classifications and information boundaries, ensuring consistent and secure data management across your organisation.

Step-by-Step Implementation Guide

  1. Install Microsoft 365 DSC

    • Begin by installing the Microsoft 365 DSC module using PowerShell:

      1

      Install-Module -Name Microsoft365DSC -Force -AllowClobber

  2. Extract Current Configuration

    • Extract the current configuration of your Microsoft Purview settings to create a baseline:

      1

      Export-M365DSCConfiguration -Quiet -Components @("Purview")

    • This command generates a configuration file that represents the current state of your Purview settings.

  3. Define Data Classifications

    • Edit the extracted configuration file to define your data classifications. For example, you can specify labels for sensitive information such as “Confidential” or “Internal Use Only”:

       1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

      Configuration MyPurviewConfig {
    Import-DscResource -ModuleName Microsoft365DSC
    Node localhost {
        M365DSC_PurviewLabel "ConfidentialLabel" {
            Ensure = "Present"
            DisplayName = "Confidential"
            Description = "Label for confidential data"
            Color = "Red"
        }
    }
}

  4. Set Information Boundaries

    • Define information boundaries to control data access and sharing within your organisation. This can include setting up policies to restrict data flow between departments:

       1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

      Configuration MyPurviewConfig {
    Import-DscResource -ModuleName Microsoft365DSC
    Node localhost {
        M365DSC_PurviewInformationBoundary "FinanceBoundary" {
            Ensure = "Present"
            Name = "Finance Department"
            Description = "Boundary for finance department data"
            Members = @("user1@domain.com", "user2@domain.com")
        }
    }
}

  5. Apply Configuration

    • Apply the desired configuration to your Microsoft 365 tenant:

      1

      Start-DSCConfiguration -Path <PathToConfigurationFile> -Wait -Verbose

    • This command ensures that your Purview settings match the desired state defined in the configuration file.

  6. Automate with Azure DevOps

    • Set Up Azure DevOps Pipeline: Create a pipeline in Azure DevOps to automate the extraction and application of Purview configurations.
    • Schedule Configuration Updates: Use the pipeline to run the Export-M365DSCConfiguration and Start-DSCConfiguration commands on a schedule, ensuring your Purview settings are always up-to-date.

Conclusion

Microsoft 365 DSC provides a robust and efficient way to manage your Microsoft Purview configurations through code. By automating the setup of data classifications and information boundaries, you can ensure consistent and secure data governance across your organisation.

Learn More

For more detailed information, refer to the following Microsoft Learn articles: