Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarification on Setting Execution Policy for Microsoft 365 DSC #4750

Open
ArtemPozharovDNSBelgium opened this issue Jun 10, 2024 · 2 comments
Open

Clarification on Setting Execution Policy for Microsoft 365 DSC #4750

ArtemPozharovDNSBelgium opened this issue Jun 10, 2024 · 2 comments
Assignees
@ykuijs
Labels
Documentation Enhancement New feature or request

Comments

@ArtemPozharovDNSBelgium
Copy link

Description of the issue

Hello,

I would like to suggest an update to the Microsoft 365 DSC documentation to include a recommendation for setting the execution policy on new Windows servers. Specifically, running the command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

This command is necessary when using Export Microsoft 365 DSC to ensure that scripts downloaded from the internet are allowed to run, provided they are signed by a trusted publisher. Setting the execution policy to RemoteSigned enhances security by preventing the execution of potentially harmful unsigned scripts while allowing the functionality needed for Microsoft 365 DSC operations.

It’s important to note that this command is not cross-platform and is specifically applicable to Windows PowerShell. Including this step in the documentation will help administrators automate and manage their Microsoft 365 configurations more smoothly, without encountering interruptions or security risks.

Thank you for your consideration.

Best regards,
Artem Pozharov
Corporate ICT Manager
DNS Belgium

Microsoft 365 DSC Version

1.24.605.1

Which workloads are affected

other

The DSC configuration

No response

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response
@ykuijs
Copy link
Member

ykuijs commented Jun 11, 2024

It is for sure good to document that this setting is needed. RemoteSigned is the default Execution Policy for Windows servers, so if you had to change it to RemoteSigned, there has been a change on your side to set it to something different:

Default

Sets the default execution policy.
Restricted for Windows clients.
RemoteSigned for Windows servers.

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.4#powershell-execution-policies

Can you explain a little more on what system you had to run this command and what the old value was that was configured?

@ArtemPozharovDNSBelgium
Copy link
Author

Thank you all for your responses. We are using Windows Server 2019 with the standard PowerShell 5.1. We don't recall disabling the RemoteSigned policy; usually, we document such changes, but I don't see any references to this in our records.

Off-topic: Could you please review the workaround we found for connecting to PnP here #3933 (comment) ?
We would appreciate any comments or suggestions you might have on this approach.

Thank you!

@ArtemPozharovDNSBelgium ArtemPozharovDNSBelgium closed this as not planned Won't fix, can't repro, duplicate, stale Jun 12, 2024
@andikrueger andikrueger added the Enhancement New feature or request label Jun 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ykuijs ykuijs

Labels
Documentation Enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ykuijs @andikrueger @ArtemPozharovDNSBelgium