AvePoint Learn
Request article
Contact support
Request article
Contact support
English

Home > Baseline Management > View and Modify Tenant Configurations

Export to PDF

View and Modify Tenant Configurations

To view the current configurations of a tenant, and make updates and deploy changes to the tenant if needed, select the tenant on the Tenants page, and click View configurations, or you can click the tenant name to access the page directly.

Overview Statistics

In the upper-left corner of the page, you can find the status of the current tenant.

In the summary section, you can find the following information:

  • Tenant name and customer’s organization name

  • Baseline name, baseline version, and baseline color

    If multiple baselines are deployed to the tenant, they will be listed in the ranking order for clarity.

  • Some status indicators to the tenant

    • Compliant – Appears when no configuration deviations have been detected.

    • Non-compliant – Appears when configuration deviations are detected.

    • Auto-alignment enabled – Appears when auto-alignment is enabled for the tenant.

    • Monitor only – Appears when auto-alignment is not enabled for the tenant.

    • Out of policy – Appears when the number of assigned licenses exceeds the quantity purchased for this service. There is a 15-day grace period. After that, service jobs will be automatically suspended, and reports will stop updating.

  • Time of the last drift detection

The Drift detection chart displays the total number of detected configuration deviations, along with a breakdown categorized by configuration source. For deeper review, you can click View details to access the Deviations page. For detailed instructions, refer to Deviations.

NOTE

If some configurations were retrieved with exceptions, a Warning icon will appear. You can click this icon to retry the operation or export a detailed report.

The Accepted deviations chart displays the total number of accepted deviations, along with a breakdown categorized by configuration source. For deeper review, you can click View details to access the Deviations page. For detailed instructions, refer to Deviations.

The Accepted deviations expiring soon chart displays the total number of accepted deviations that will expire in 5 days, along with a breakdown categorized by configuration source. For deeper review, you can click View details to access the Deviations page. For detailed instructions, refer to Deviations.

The Configuration alignment overview chart provides a snapshot of how well the tenant’s current configurations align with the deployed baseline standards. It includes:

  • Total – Displays the total number of configurations.

  • Matched with baseline – Displays the number of configurations that align with the baseline standards.

  • Recommended from baseline – Displays the number of configurations that conflict with the baseline standards, which are recommended to be updated.

  • Unique to tenant – Displays the number of configurations that are unique to the tenant, not covered by the baseline standards.

  • Alignment score – Displays the compliance percentage, calculated by dividing matched configurations by the total configurations.

The Baseline chart provides displays the baselines deployed to the tenant and their specific version. Click the baseline name will redirect you to the Version history page. For detailed instructions, refer to Manage Baseline Versions.

The Alignment score chart displays compliance percentage over the last 30 days. It also compares today’s compliance percentage to the same date in the previous month and highlights the trend.

The Accepted deviations trend analysis chart displays the accepted deviations trend over the last 30 days with breakdowns categorized by configuration source.

The Deviations trend analysis chart displays the deviations trend over the last 30 days, broken down by configuration source in 5-day intervals.

The Auto-aligned configurations chart displays the number of auto-aligned configuration deviations over the last 7 days with breakdowns categorized by configuration source.

The Microsoft Secure Score chart displays you security score and breakdown points by category. Please note that the data is not in real-time, and you can find the last date of calculation. Click View details to navigate to the full Microsoft Secure Score portal for further analysis.

Configurations

In the upper-left corner of the page, you can find the status of the current tenant.

Configurations are organized into two categories: Baseline scope which displays configurations defined within the baseline; Unique to tenant which displays configurations that only exist in the tenant.

In the Configurations section, you can find the number of instances that match the filter conditions and the total number of instances. Configurations are grouped into 4 sources: Intune, Microsoft 365, Microsoft 365 admin, and Microsoft Entra ID. You can expand a source to view its configurations, expand a configuration to view its instances, and click View next to an instance to view its detailed properties and property values.

For quick access, you can search for a specific configuration by entering the configuration name in the Search text box and pressing Enter on your keyboard.

If you want to mark an instance as tenant-specific setting, click Mark as tenant-specific setting next to the instance. Enter a comment and click Save. A Tenant-specific setting tag will appear next to it. Once an instance is marked as tenant-specific setting, it will still be included in the configuration deployment. However, drift detection will now use this custom value as the new standard for detecting deviations. To unmark an instance as tenant-specific setting, click Unmark, enter a comment, and click Save to save the changes. The Tenant-specific setting tag will disappear. Once an instance is unmarked as tenant-specific setting, it will still be monitored based on the baseline standard in drift detection.

When viewing tenant configurations, you can update configurations directly. To update properties of an instance, click Edit next to the instance to open the Edit window. In the Edit window, if a property cannot be updated, a View only tag will appear next to it. To help streamline the review process, you can click Hide view-only properties to focus only on those modifiable properties. To update properties, locate a property, make updates, and click Update to save the changes.

If you want to mark properties of an instance as tenant-specific settings, in the Edit window, select the properties, and click Mark as tenant-specific setting. A Tenant-specific setting tag will appear next to the properties. Once a property is marked as tenant-specific setting, it will still be included in the configuration deployment. However, drift detection will now use this custom value as the new standard for detecting deviations. To unmark a property as tenant-specific setting, click Unmark, enter a comment, and click Save to save the changes. The Tenant-specific setting tag will disappear. Once a property is unmarked as tenant-specific setting, it will still be monitored based on the baseline standard in drift detection.

After making changes, click Deploy changes in the lower-right corner of the page. In the Deploy changes window, changes are displayed, and you need to click Deploy changes to deploy these changes to the tenant.

In the upper-right corner of the page, you will find the More actions button, which allows you to perform additional actions as below:

Deviations

In the upper-left corner of the page, you can find the status of the current tenant.

Deviations are organized into two categories: Deviations which displays the detected configuration deviations in the tenant, and Accepted deviations which displays the configuration deviations that you have previously reviewed and accepted for the tenant.

Under the Deviations tab, you can view the following information and make updates if needed:

  • The Drift detection chart displays the total number of detected configuration deviations, along with a breakdown categorized by configuration source.

  • The Deviations trend analysis chart displays the deviations trend over the last 30 days, broken down by configuration source in 5-days intervals.

  • In the comparisons section, comparisons are grouped into 4 tabs. You can search for a specific configuration by entering the configuration name in the Search text box and press Enter. If you want to focus on configurations from a specific baseline, click Filter, select the desired baseline, and click Apply changes.

    Switch among these tabs to review the configurations:

    • Conflicts with baseline – This tab displays the configurations that are configured differently (same instance name but mismatched property values) in the tenant and the baseline.

    • Unique to baseline – This tab displays the configurations that are exclusive to the baseline.

    • Unique to tenant – This tab displays the configurations that are exclusively to the tenant.

      NOTE

      This tab is visible only when Drift detection scope is set to All supported configurations, as this option is for comprehensive tenant monitoring which identifies any modifications made to all supported configurations.

    • Matches with baseline – This tab displays the configurations that are configured identically (same instance name and property values) in the tenant and the baseline.

    When viewing the comparisons, you can make updates and deploy the configurations to the tenant when the configurations meet your requirements. For detailed instructions, refer to Deploy Configurations to a Tenant.

Under the Accepted deviations tab, you can perform the following operations to manage the accepted deviations:

  • Extend duration – To extend the duration of the acceptance, select the accepted deviation with the Active status, and click Extend duration. Configure a new duration, enter a comment, and click Save to save the changes.

  • Cancel acceptance – To cancel acceptance, select the accepted deviation with the Active status, and click Cancel acceptance. Enter a comment and click Save to save the changes. The status of the accepted deviation is changed to Canceled. Canceling acceptance will re-enable drift detection for the instance or property.

  • Delete record – To delete a record, select the accepted deviation with the Canceled status, and click Delete. Click OK in the pop-up confirmation message.

In the upper-right corner of the page, you will find the More actions button, which allows you to perform additional actions as below. Note that the available buttons vary based on the status of the currently selected tenant.

Tenant-specific Settings

On the Tenant-specific settings tab, you can perform the following operations to manage the marked tenant-specific settings:

  • Unmark – To unmark an instance as tenant-specific setting, select the tenant-specific setting, and click Unmark. Enter a comment and click Save to save the changes. Once an instance is unmarked as tenant-specific setting, it will still be monitored based on the baseline standard in drift detection.

  • Delete record – To delete a record, select the tenant-specific setting with the Unmarked status, and click Delete. Click OK in the pop-up confirmation message.

In the upper-right corner of the page, you will find the More actions button, which allows you to perform additional actions as below. Note that the available buttons vary based on the status of the currently selected tenant.

Process Center

The Process center page provides tracking for actions performed within the current tenant and you can also download reports here.