Sync is the process by which Configuration Manager:
- Authenticates into your tenant
- Performs a backup of the tenant's configurations
- Performs any actions you want Configuration Manager to perform
By default, every Sync executes these steps, regardless of the specific actions you want it to perform.
Authentication
Configuration Manager does not maintain continuous access to your environments. It only accesses your tenants when a Sync is running. This means that:
- Configuration Manager needs to authenticate into the tenant during each Sync for changes to be read or written to the tenant
- While Syncs are idle, Configuration Manager has no access to the tenant
- Configuration Manager is not aware of any changes in your tenant until you run a Sync
- If you want to perform any action or a backup, you need to run a Sync
How a Sync authenticates depends on the authentication method you chose at install time: service account or delegated authentication.
If the Sync cannot authenticate into the tenant, it will stop and display an error indicating that authentication failed.
Backup (Run export)
Once the Sync has successfully authenticated into the tenant, Configuration Manager will perform a backup.
The Sync reads every configuration that Configuration Manager supports and has access to. It reads the properties of those configurations and backs them up as code to your Azure DevOps repository.
Comparison to baseline
For downstream tenants only, there's an additional step. After authenticating and performing a backup, Configuration Manager will compare what it backed up in the downstream tenant to the baseline by performing a diff.
The Sync will check for changes in the downstream tenant and compare those changes to the baseline configurations. Configuration Manager stores a representation of this difference in the downstream tenant's repository.
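An added illustration of the comparison step (not Configuration Manager's own code or file format): it assumes each backup can be loaded as nested key/value data and reports which settings in a downstream export are missing, extra or modified relative to the baseline. All setting names and values are constructed.

```python
import json

# Constructed sample data: setting names and values are illustrative only.
BASELINE = {
    "Policies": {
        "Require MFA for admins": {"state": "enabled", "grantControls": ["mfa"]},
        "Block legacy auth": {"state": "enabled"},
    },
}
DOWNSTREAM = {
    "Policies": {
        "Require MFA for admins": {"state": "disabled", "grantControls": ["mfa"]},
        "Allow contractor VPN": {"state": "enabled"},
    },
}


def flatten(node, path=()):
    """Yield (path, value) for every leaf; lists and empty dicts count as leaves."""
    if isinstance(node, dict) and node:
        for key in sorted(node):
            yield from flatten(node[key], path + (key,))
    else:
        yield path, node


def diff_to_baseline(baseline, downstream):
    """Return drift records for a downstream export measured against the baseline."""
    base = dict(flatten(baseline))
    down = dict(flatten(downstream))
    records = []
    for path in sorted(base.keys() | down.keys()):
        name = "/".join(path)
        if path not in down:
            # Setting defined in the baseline but absent downstream.
            records.append({"path": name, "change": "missing", "baseline": base[path]})
        elif path not in base:
            # Setting present downstream that the baseline does not define.
            records.append({"path": name, "change": "extra", "downstream": down[path]})
        elif base[path] != down[path]:
            records.append({"path": name, "change": "modified",
                            "baseline": base[path], "downstream": down[path]})
    return records


if __name__ == "__main__":
    print(json.dumps(diff_to_baseline(BASELINE, DOWNSTREAM), indent=2))
```

The "extra" and "modified" records are the ones a reviewer should look at first: they are settings that exist or differ downstream without being defined that way in the baseline.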
Compare (Run preview)
Once it's certain that the backup is up-to-date, Configuration Manager compares the current state of the tenant to the previous backup to determine if any changes need to be written/deployed to the tenant.
Once this process is complete, if configuration changes need to be deployed to the tenant, the Sync will change its status to “Pending Approval”. If no detected changes need to be deployed, the Sync stops and goes back to an idle state.
Deploy (Run deploy)
If a Sync determines that changes need to be deployed to a tenant, Configuration Manager will:
- Show the Pending Approval status, indicating the changes must be reviewed and approved by a Configuration Manager user
- If approved, begin the Deploy stage of the Sync to write the approved changes to the tenant