This is the process within Configuration Manager to install a baseline tenant, including if it's the first tenant you are installing.
Get ready for baseline tenant installation
First, ensure that you are properly prepared for baseline tenant installation.
A couple of notes on baseline installation
The baseline is an M365 tenant that contains a set of configurations to which your tenants will align.
Configuration Manager requires at least one baseline be installed.
Please note that:
- If you are installing your first tenant, this will be a baseline.
- You can install as many additional baselines as you need.
Installation steps
The following steps will guide you through the installation process. For each step, an in-depth article is provided and linked:
Navigation
Navigation when accessing for the first time
If you are accessing Configuration Manager for the first time, you will be directed to the tenants page.
The button explains that the first step is to install your baseline tenant. When you click this button, you are brought to the baseline install page:
See below how to proceed with the baseline tenant installation.
Afterwards, you will land in the “Add a baseline tenant” page:
Configuring tenant information and settings
Authentication method
If you wish to use “User account authentication”, choose the method by which Configuration Manager authenticates into the tenant: Service Account or delegated authentication.
This is an important choice and should be aligned with your organization's security posture. Don't be caught unprepared! Refer to our guide to help you decide.
Service Principal authentication
A Service Principal is required to assist in tenant authentication and configuration management.
Configuration Manager will create a service principal in the tenant at install time. If you would prefer, you can bring your own custom service principal!
Link an Azure subscription
Enable this option if you have an Azure subscription in the tenant and would like Configuration Manager to manage the configurations associated with that subscription.
Approval group selection
Choose which group of users has the authority to approve or reject changes made to the tenant configurations. Please note that the default group is ”Contributors”.
Agent pool selection
Configuration Manager offers the ability to choose where your Sync operations run through the agent pool feature. While syncs typically run on Microsoft-hosted agents by default, you can select self-hosted agents for enhanced control and security compliance.
Agent pools can be selected either from the Sync page as well.
Install as backup only
Checking this box will restrict Syncs to only perform export operations. No preview operations will be conducted, and configuration deployments will not be attempted for this tenant, ensuring a more stable overall operation.
You will be able to change authentication method, custom service principal, the link to the Azure Subscription, agent pool, approval group or reinstall the tenant as a backup only at a later time.
Launch the installation
When everything is configured, you can launch the installation by pressing “Add”.