How to Manually Fulfill Pre-requisites for Monitoring Exchange Online?
Typically, to pull metrics, the eG agent should first be able to connect to the O365 cloud via powershell. To enable this connection, the following need to be installed and run on the eG agent host:
- A 64-bit version of the Microsoft Online Services Sign-in Assistant for IT Professionals RTW: You can download its installable from the URL: https://download.microsoft.com/download/7/1/E/71EF1D05-A42C-4A1F-8162-96494B5E615C/msoidcli_64bit.msi. After downloading, use the installable to install the sign-in assistant, and then start it.
A 64-bit version of the Microsoft Azure Active Directory Module for Windows PowerShell: To install this module, do the following:
- First, install the PackageManagement and PowerShellGet modules on the eG agent host. You can download the installable from the URL: https://download.microsoft.com/download/C/4/1/C41378D4-7F41-4BBE-9D0D-0E4F98585C61/PackageManagement_x64.msi
- Once the PackageManagement and PowerShellGet modules are successfully installed, open Windows PowerShell ISE in elevated mode on the eG agent host.
Figure 164 : Installing the Microsoft Azure Active Directory Module for Windows PowerShell
To monitor Microsoft Exchange Online, the eG agent requires the privileges of a user who has been assigned the Global reader role and is vested with the View-Only Audit Logs, View-Only Recipients, Mail Recipients, and Mail Import Export permissions. For this purpose, each test the eG agent runs on Exchange Online should be configured with the credentials of a user who has been assigned the aforesaid role and permissions.
While you can use the credentials of any existing O365 user with the aforesaid privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and configure the eG tests with the credentials of that user. To know how to create a new user using the Office 365 portal and assign the required privileges to that user, refer to the Creating a New User in the Office 365 Portal topic.
To enable the eG agent to monitor service health, you need to ensure that the Microsoft Graph App is installed on Azure Active Directory (AD), with the following permissions:
- ServiceHealth.Read permission, which will allow the app to read the service health information for your organization;
- MyFiles.Read permission, which will allow the app to read from and write to user files;
- Sites.Read.All permission, which will allow the app to read items in all site collections;
- User.Read permission, which will allow the app to sign in and read the user profile;
- Group.Read.All permission, which will allow the app to read all groups;
- User.Read.All permission, which will enable the app to read the full profile of all users;
- Reports.Read.All permission, which will permit the app to read all usage reports;
The steps for manually installing this app and granting the aforesaid permissions are detailed in Installing the Microsoft Graph App On Microsoft Azure Active Directory