Entra.News - Your weekly dose of Microsoft Entra
Entra.Chat
Automating Governance: The New Standard for Microsoft 365 Tenant Snapshots and Remediation

How Microsoft Is Solving Tenant Drift, Misconfigurations & Admin Chaos → Microsoft Finally Built an Official M365DSC! (Introducing TCM)

Governance in Microsoft 365 has always been hard. Not because the tools didn’t exist, but because scale, complexity, and change made consistency almost impossible. As tenants grow, so do the challenges of configuration drift, manual admin changes, and inconsistent environments.

For years, admins have relied on scripts, tribal knowledge, and community-led solutions like Microsoft 365 Desired State Configuration (M365DSC) to manage this “policy sprawl”. While M365DSC was a groundbreaking open-source effort, it often faced a steep learning curve and lacked official Microsoft support.

Until now.

In this episode of Entra Chat, we sit down with Nik Charlebois, Principal Program Manager at Microsoft and the original visionary behind M365DSC. Nik now leads the charge for one of the most significant platform shifts in Microsoft 365 administration: Tenant Configuration Management (TCM).




What is Tenant Configuration Management?

TCM is Microsoft’s official “Config as Code” platform for M365. Built directly on top of the Microsoft Graph, it represents a new operating model for how tenants are governed.

Key features discussed in this episode include:

  • Official Support: Moving beyond best-effort community maintenance to a fully supported Microsoft solution.

  • Simplified Experience: Transitioning from cryptic MOF files to human-readable JSON templates, significantly lowering the learning curve for admins.

  • Snapshot & Drift Detection: The ability to capture “snapshots” of your tenant’s current state and monitor for unauthorized changes.

  • Automatic Remediation: Automatically reverting detected configuration drifts back to your defined “gold standard” state.

  • Broad Coverage: Support for core workloads including Entra ID, Exchange, Intune, Purview, Defender, and Teams, with more to come.

This isn’t just a new feature; it’s the evolution of tenant governance into a native, API-driven platform. Tune in to hear Nik explain how TCM is bridging the gap between community innovation and official enterprise-grade management.

Listen to the full episode now to learn how to start your journey with the TCM public preview!


About Nik Charlebois

Nik is a Principal Program Manager at Microsoft leading the Microsoft 365 configuration-as-code efforts. He is also an ex-MVP, speaker, blogger, and author.

LinkedIn - https://linkedin.com/in/nikcharlebois



📗 Chapters

00:00 Intro

03:44 Origin of M365DSC

07:51 Introducing Tenant Config Management

09:24 Supported Workloads

11:15 Control Plane vs Data Plane

14:26 DSC vs TCM Architecture

15:22 Snapshots and Monitors

18:56 Managing Drift Across Environments

28:03 Licensing and Limits

32:48 Authentication and Permissions

37:53 Getting Started


Podcast Apps

🎙️ Entra.Chat - https://entra.chat

🎧 Apple Podcast → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocketcast → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss


Merill’s socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill
