Description
Summary
When using Export-M365DSCConfiguration, only values that differ from the Microsoft 365 defaults are included in the exported .ps1 configuration files.
While this behavior may make sense from a configuration-as-code and CI/CD perspective (clean output with only deviations), it is not documented anywhere, and it leads to serious challenges when the exported files are used as snapshots or for audit/recovery purposes.
Problem
There is no mention of this default behavior in:
- The Microsoft365DSC official website (https://microsoft365dsc.com)
- The Export-M365DSCConfiguration documentation or cmdlet help
- The GitHub Wiki or Readme
This leads to misunderstandings. For example, if a setting like EnableAzureADB2BIntegration is never changed from the default, it does not appear in the export at all — making it impossible to tell what the actual value was at the time of the export.
Additionally, if Microsoft later changes the default value of a setting, the older exports no longer reflect the real configuration at the time. This undermines snapshot validity and breaks auditability.
Request
- Please document the current behavior: that only non-default values are included in the output.
- If possible, provide an option such as -IncludeDefaults to allow users to export all values — even those set to default.
- Alternatively, include a metadata file or comment indicating which properties were omitted due to being at default.
Why this matters
- Organizations rely on DSC exports for compliance and historical tracking.
- In CI/CD scenarios, comparing configurations becomes unreliable if changes in Microsoft defaults silently alter the meaning of what's not in the file.
- There is currently no way to determine whether a setting is missing because it was never configured or because it’s simply set to the default.
Example
AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy-1'
{
Ensure = 'Present'
# EnableAzureADB2BIntegration is not included, even though it's in use
}