Creating a New User in the Office 365 Portal

To monitor Microsoft Office 365 and its cloud-based service offerings such as SharePoint Online, Exchange Online, OneDrive for Business, Microsoft Teams, Microsoft Yammer etc., the eG agent has to be configured with the credentials of a user who has been assigned specific privileges. These privileges vary with the service being monitored - i.e., eG monitoring model in use.

The table below describes these privileges:

Monitoring model

Permissions

Microsoft Office 365

A user who is vested with the View-Only Audit Logs permission

Microsoft Exchange Online

A user who is vested with the View-Only Audit Logs, View-Only Recipients, Mail Recipients, and Mail Import Export permissions.

Microsoft SharePoint Online and Microsoft OneDrive for Business

A user who has been assigned the Service support admin and SharePoint admin roles and is vested with the View-Only Audit Logs permission

Microsoft Teams

A user who has been assigned the Service support admin role and is vested with the View-Only Audit Logs and Team Administrator permissions

Microsoft Yammer

A user who has been assigned the Service support admin role and is vested with the user_impersonation permission

While you can use the credentials of any existing O365 user with the aforesaid privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and pass the credentials of that user to the eG agent. To create a new user using the Office 365 portal and assign the required privileges to that user, follow the steps detailed below:

  1. Using a browser, connect to the Office 365 portal. The default URL of the portal is: https://portal.office.com
  2. Login to the portal as a user with administrator privileges.
  3. Figure 1 will then appear.

    Figure 1 : Welcome page of the Office 365 portal

  1. Click on Admin under Apps (in Figure 1). The Microsoft Office 365 Admin Center will then appear (see Figure 2).

    Figure 2 : The Microsoft Office 365 Admin Center

  2. To create a new user, click on the Add a user link under the Active users section in Figure 2.
  3. Figure 3 will then appear.

    Figure 3 : Adding a new user

  4. Provide the First name, Last name, and Display name of the new user. Then, provide a Username, which will be automatically suffixed with the domain name of the Domain you have logged into. Click the Next button to select the geographic location of the new user.

    Figure 4 : Choosing the geographic location of the new user

  5. Then, select the geographic Location of the new user. Turn On the Create user without product license flag in Figure 4.
  6. Clicking the Next button in Figure 4 will reveal Figure 5. Here, select the Admin center access option, and choose the Service support admin and SharePoint admin permissions as indicated by Figure 5.

    Figure 5 : Selecting the Admin center access

  7. Click the Next button in Figure 5 to review your selection which appears in Figure 6.

    Figure 6 : Reviewing your selection

  8. Finally, click the Finish adding button in Figure 6 to add the new user. Figure 7 will then appear providing a quick summary of details of the user you just created. Office 365 also automatically generates and assigns a password to the new user. Make a note of the Username and Password displayed in Figure 7, as this is what you need to configure against the OFFICE 365 USER and OFFICE 365 PASSWORD parameters of the eG tests.

    Figure 7 : Message confirming the successful addition of a user

    Note:

     

    Check if the Password displayed in Figure 7 contains double quotes. If it does, then remember to change the password before attempting to pass these credentials to eG tests. If this is not done, then some eG tests may fail to report metrics.

  9. Next, proceed to assign the View-Only Audit Logs permission to the new user. For that, first click on the Admin Center tool in the tool bar depicted by Figure 8. From the menu that pops up, click on Exchange.

    Figure 8 : Connecting to the Exchange Admin Center

  10. Figure 9 will then appear.

    Figure 9 : The Exchange Admin Center

  11. From the list of options in the left panel of Figure 9, select permissions. Figure 10 will then appear listing the admin role groups that pre-exist.

    Figure 10 : Clicking on the permissions option to view the admin role groups

  12. Let us now proceed to create a role group that includes the View-Only Audit Logs permission. For that, click on the button on top of the list of admin role groups (see Figure 10). Figure 11 will then appear.

    Figure 11 : Adding a new role group

  13. Provide a unique Name and Description for the new role group (see Figure 11). Then, click on the button in the Roles section of Figure 11. Figure 12 will then appear listing the DISPLAY NAMEs of permissions that you want to add to the new role. From this list, select the View-Only Audit Logs permission and click the add -> button to add the permission. Then, click OK to save the changes.

    Figure 12 : Adding the View-Only Audit Logs permission to the new role

  14. Figure 13 will then appear. Next, proceed to assign the new role group (that includes the View-Only Audit Logs permission) to the user you created previously. For that, click on the button in the Members section of Figure 13.

    Figure 13 : Clicking on the '+' icon in the Members section

  15. Figure 14 will then appear. From the list of user names displayed in Figure 14, select the name of the user you created for monitoring purposes and click the add -> button. Then, click OK.

    Figure 14 : Assigning the role group to a user

  16. When Figure 15 appears, click the Save button to save the new role group definition.

    Figure 15 : Saving the new role group

Assign other permissions (View-Only Recipients, Mail Recipients, Mail Import Export) to the newly added user by repeating steps 15 - 19 above.