Entra TCM APIs GA for Tenant Configuration Management
Summary
Microsoft has made the Tenant Configuration Management (TCM) APIs in Microsoft Graph generally available, giving organizations a scalable way to define, export, monitor, and manage tenant configurations. The release matters because it enables a configuration-as-code approach in Microsoft Entra, helping IT teams reduce drift, improve compliance, and automate governance across multi-tenant environments.
Introduction
Microsoft has announced general availability of the Tenant Configuration Management (TCM) APIs for Microsoft Entra. For IT administrators managing complex or multi-tenant environments, this is an important step toward more consistent, automated, and auditable configuration management.
As tenant settings grow across identity, security, and productivity workloads, configuration drift becomes harder to control. The new GA APIs help organizations move from manual, reactive processes to a declarative and continuous management model.
What’s new
The TCM APIs are now generally available in Microsoft Graph and provide the underlying engine for Microsoft Entra Tenant Governance.
Key capabilities include:
- Snapshots to capture the current state of tenant configurations
- Baselines to define a desired or compliant configuration state
- Monitors to continuously compare live settings against the baseline
- Configuration drift detection to identify deviations from the expected state
This creates a repeatable workflow for configuration management:
- Capture the current state
- Define the desired state
- Continuously monitor for drift
- Take governance or remediation actions
Why this matters for administrators
For Entra and Microsoft 365 admins, the biggest benefit is the ability to treat tenant settings more like infrastructure-as-code. Instead of relying on portal checks and one-off reviews, teams can programmatically manage and validate configuration over time.
This is especially useful for organizations that:
- Manage multiple tenants
- Need stronger compliance and auditability
- Want to integrate tenant configuration checks into automation workflows
- Need better visibility into changes that introduce security risk
Because the APIs are exposed through Microsoft Graph, they can also be connected to existing operational, compliance, and security tooling.
How it fits with Entra Tenant Governance
Microsoft clarified that Entra Tenant Governance is the product experience, while the TCM APIs are the platform layer behind its configuration management features. Organizations can use Tenant Governance for a built-in administrative experience, while partners and advanced teams can use the APIs directly for custom integrations and managed services.
Microsoft also noted that Tenant Governance will continue evolving toward a single pane of glass for centrally managing multiple tenants.
Next steps
Admins and architects should consider these actions:
- Review the Microsoft Graph TCM API documentation
- Evaluate which tenant settings should become your initial baseline
- Identify automation scenarios for drift monitoring and reporting
- Assess whether Entra Tenant Governance or direct API integration better fits your operating model
For organizations focused on governance at scale, the GA of the TCM APIs provides a solid foundation for more proactive tenant configuration control.
Need help with Entra ID?
Our experts can help you implement and optimize your Microsoft solutions.
Talk to an ExpertStay updated on Microsoft technologies