Audit Activities by Service Test

Office 365 offers subscription plans that include access to Office applications plus other productivity services that are enabled over the Internet (cloud services). To know which of these services are popular amidst users, administrators need to measure the workload of each service. In other words, administrators have to know how many users are accessing and how many operations are being performed on each service. The Audit Activities by Service test provides administrators with this insight!

This test auto-discovers the services offered by your Office 365 subscription. For each service, the test then reports the number of unique operations performed on the service, and the number of unique users using the service. Using these metrics, administrators can gauge the overall workload of each service and accurately identify the popular/most used service. With the help of the detailed diagnostics of this test, you can also identify that operation which has imposed maximum load on the service. Detailed metrics also reveal the users who used the service.

Target of the test : Office 365

Agent deploying the test : A remote agent

Outputs of the test : One set of results for each service offered by your Office 365 subscription

First-level Descriptor: Service Name

Configurable parameters for the test
Parameters Description

Test period

How often should the test be executed

Host

The host for which the test is to be configured. By default, this is portal.office.com

O365 User Name, O365 Password, and Confirm Password

For execution, this test requires the privileges of an O365 user who is vested with the View-Only Audit Logs permission. Configure the credentials of such a user against O365 User Name and O365 Password text boxes. Confirm the password by retyping it in the Confirm Password text box.

While you can use the credentials of any existing O365 user with the afore-said privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and use the credentials of that user here. To know how to create a new user using the Office 365 portal and assign the required privileges to that user, refer to Creating a New User in the Office 365 Portal.

O365 Domain

To have a personalized business email address, team site address, or even an account name, you set up a domain name with Office 365. A domain is a unique name that appears after the @ sign in email addresses, and after www. in web addresses. It typically takes the form of your organization's name and a standard Internet suffix, such as yourbusiness.com or stateuniversity.edu. Office 365 gives you an initial domain name to use. By default, this will be of the format: *.onmicrosoft.com - eg., abc.onmicrosoft.com. To enable this test to pull metrics, you need to configure the test with the name of this initial domain. Therefore, configure the O365 Domain parameter with the name of the initial domain. To know what is your Office 365 initial domain name, do the following:

  1. Log on to the Microsoft Office 365 Online Portal using an administrative account.
  2. Under Management, click on Domains.
  3. The initial domain should be listed with a name ending with .onmicrosoft.com.

Domain, Domain User Name, Domain Password, and Confirm Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, in the Domain text box, specify the name of the Windows domain to which the eG agent host belongs. In the Domain User Name text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the Domain Password text box and confirm that password by retyping it in the Confirm Password text box.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none.

Proxy Host, Proxy Port, Proxy User Name, and Proxy Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the Proxy Host and Proxy Port parameters, respectively.

If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the Proxy User Name and Proxy Password text boxes. Confirm that password by retyping it in the Confirm Password text box. If the Proxy server does not require authentication, then specify none against the Proxy User Name, Proxy Password, and Confirm Password text boxes.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time the test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enabled/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Total operations

Indicates the total number of operations performed on this service.

Number

This is a good indicator of the workload on the service.

Compare the value of this measure across services to know which service is used the most.

Unique operations

Indicates the number of unique operations performed on this service.

Number

Use the detailed diagnosis of this measure to know which operations were performed on the service and how many times.

Unique users

Indicates the number of unique users of this service.

Number

Compare the value of this measure across service to know which service is the most popular with users.

Use the detailed diagnosis of this measure to know which users are using the service.

Unique client IPs

Indicates the number of unique clients from which users accessed this service.

Number

Use the detailed diagnosis of this measure to know the clients used and the users who are accessing the service from each client. The operations performed by the users and the number of times for which each operation was performed are also reported as part of detailed diagnostics.

The detailed diagnosis of the Total operations and Unique operations measures lists the operations performed on a service and the number of times for which each operation was performed. This way, you can identify the operation that imposed the maximum load on the service.

Figure 26 : The detailed diagnosis of the Unique operations measure

The detailed diagnosis of the Unique users measure lists the top-10 users of a service, in terms of the operational load they imposed on that service. For each user, the detailed diagnostics reveal the client from which the user accessed the service, the operations performed by the user, and the number of times (in square braces) each operation was performed. This way, you will be able to identify which user imposed the maximum load on the service and through which operation.

Figure 27 : The detailed diagnosis of the Unique users measure

Using the detailed diagnosis of the Unique client IPs measure, you can view the top-10 client IPs, in terms of the workload generated by the users accessing the service from those IPs. For each IP, the detailed metrics reveal the users accessing the service from that IP, the operations performed by the users when accessing from that IP, and the number of times (in square braces) each operation was performed. This way, you will be able to identify the client IP that generated the maximum workload for a service.

Figure 28 : The detailed diagnosis of the Unique client IPs measure