Microsoft Makes Tenant Configuration Management APIs Generally Available

Microsoft has announced the general availability of Tenant Configuration Management (TCM) APIs for commercial customers. The new APIs give organizations a programmatic way to define, monitor, and maintain secure Microsoft 365 configurations at scale.

In traditional tenant configuration management, access and control are tied to individual administrator permissions rather than a centralized view of the tenant. While administrators can manage the resources they are authorized for, they often lack complete visibility into all configuration settings and have no reliable way to confirm whether the tenant still aligns with an intended or secure configuration state.

“The Tenant Configuration Management (TCM) APIs allow administrators to control and manage configuration settings across a single workload or multiple workloads within the organization. Administrators have the ability to manage tenant configuration through a declarative representation that helps maintain configuration settings in the desired state. This representation can define one or multiple resources, each with one or more associated properties,” Microsoft explained.

How do TCM APIs help organizations prevent configuration drift?

The TCM API introduces a configuration‑as‑code approach to Microsoft Entra by structuring tenant management around four tightly connected elements. It allows organizations to capture the current tenant setup as a snapshot, define an approved or compliant configuration through a baseline, continuously compare the live environment against that baseline using monitors, and clearly identify any differences as configuration drift. This makes it easier to understand and manage how far the tenant deviates from the intended state over time.

While the TCM APIs provide the underlying programmatic capabilities, Microsoft Entra Tenant Governance delivers a ready-made administrative experience on top of them. Tenant Governance uses the APIs to centralize visibility, identify configuration drift, and simplify governance actions. Organizations can either rely on this built-in experience or use the APIs directly to build custom solutions and managed services. If you’re interested, you can learn more about the Tenant Configuration Management APIs on this support page.