Distribution Groups Test

A Distribution Group (DG) is a group that contains two or more people, has an email address and appears in the Global Address List (GAL) for a company. Internal and External users can send emails to the DG and it will go to all members of the DG.

Typically, a Universal Distribution Group is a distribution group that is created only to serve as an email distribution group in Exchange. A security-enabled distribution group (or security group) on the other hand is created so that you can assign permissions to a large group of users instead of assigning permissions to individual users one at a time.

With the help of the Distribution Groups test, administrators can easily and efficiently audit distribution groups. For each DG type (Universal and SecurityEnabled), this test reports the count and details of new, deleted, and modified groups of that type. Additionally, empty groups and orphaned groups are also brought to the attention of administrators. This way, administrators can identify groups that may have to be assigned new owners and groups that are still awaiting members.

Target of the test : Office 365

Agent deploying the test : A remote agent

Outputs of the test : One set of results for each DG type in the Office 365 tenant being monitored

First-level descriptor: DG type - this can be Universal or SecurityEnabled

Configurable parameters for the test
Parameters Description

Test period

How often should the test be executed.

Host

The host for which the test is to be configured. By default, this is portal.office.com

Tenant Name

Certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Entra ID for applications and browser sign-in. When monitoring highly secure Office 365 environments, you should configure the eG agent to identify itself to a tenant using a valid X.509 certificate, so that it is allowed secure access to the tenant and its resources.

To achieve this, you should do the following:

  1. Enable Azure Entra ID Certificate-based authentication for the target O365 tenant; this can be achieved manually, via the Office 365 portal, or automatically, using PowerShell scripts we provide. For the manual procedure, refer to Manually Enabling Certificate-based Authentication For an Office 365 Tenant. For the automatic procedure, refer to Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments.

    When enabling certificate-based authentication, an X.509 certificate will be generated for the target tenant.

  2. Configure the Tenant Name parameter with the name of the tenant for which certificate-based authentication is enabled. Using the tenant name, the eG agent will be able to read the details of the X.509 certificate that is generated for that tenant, and use that certificate to access that tenant's resources. To determine the tenant name, do the following:

    • Log in to the Microsoft 365 Admin Center as an administrator.

    • Under Setup, click on Domains.

    • Find a domain that ends with .onmicrosoft.com - this is your Microsoft O365 tenant name.

Domain, Domain User Name, Domain Password, and Confirm Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, in the Domain text box, specify the name of the Windows domain to which the eG agent host belongs. In the Domain User Name text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the Domain Password text box and confirm that password by retyping it in the Confirm Password text box.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none.

Proxy Host, Proxy Port, Proxy User Name, and Proxy Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the Proxy Host and Proxy Port parameters, respectively.

If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the Proxy User Name and Proxy Password text boxes. Confirm that password by retyping it in the Confirm Password text box. If the Proxy server does not require authentication, then specify none against the Proxy User Name, Proxy Password, and Confirm Password text boxes.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none.

Date format

The eG agent running this test pulls date/time information from Office 365 and displays the same as part of detailed diagnosis. The date/time so collected may be included in eG reports and dashboards as well.

Typically, in Office 365, the format of this date/time information may vary depending upon the geography of the tenant being monitored. For instance, for a tenant in India, Office 365 may record dates in the format DD-MM-YY, whereas for a tenant in the USA, Office 365 may record dates in the format MM-DD-YY.

The eG agent, on the other hand, reports all data in the date format set in the eG manager, by default. This is why the Date Format parameter is set to none by default.

If required, administrators can override this default setting and have this test report date values in detailed diagnosis in the format that is set for the target tenant in Office 365. To achieve this, specify Office 365's date format against Date Format. For instance, for a tenant in the USA, the Date Format specification can be: MM/DD/YYYY. This way, every Office 365 tenant being monitored can view detailed metrics reported by this test in the date format that matches their geography.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 6:1. This indicates that, by default, detailed measures will be generated every time the test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Modified groups

Indicates the number of groups of this type that were modified during the last measurement period.

Number

Use the detailed diagnosis of this measure to know which groups were modified and when.

Newly created groups

Indicates the number of groups of this type that were newly created during the last measurement period.

Number

Use the detailed diagnosis of this measure to know which groups were created and when.

Soft deleted groups

Indicates the number of groups of this type that have been soft-deleted.

Number

If you have deleted an Office 365 group, by default it's retained for 30 days. This 30-day period is called "soft-delete" because you can still restore the group. After 30 days, the group and associated content are permanently deleted and cannot be restored.

During the "soft-delete" period, if a user tries to access the site, they will get a 403 forbidden message. After this period, if the user tries to access the site, they will get a 404 not found message.

Use the detailed diagnosis of this measure to know which groups were soft-deleted and when.

Total groups

Indicates the total number of groups of this type.

Number

Compare the value of this measure across the various types of distribution groups in the target environment to determine which type of distribution group is widely used in the environment.

Orphaned groups

Indicates the number of groups of this type that are orphaned/ownerless.

Number

If a group owner leaves your company, the group could find itself without an owner. Such a group is called an Orphaned group. The content in the group is unaffected by this - the content belongs to the group and isn't tied to the owner's account. But not having a group owner means there's nobody with permissions to manage the group.

Use the detailed diagnosis of this measure to know which groups are orphaned / ownerless.

Empty groups

Indicates the number of groups of this type that are currently empty.

Number

Use the detailed diagnosis of this measure to identify the empty groups. If any group is found to be empty for too long a time, you may want to delete such a group.

The detailed diagnosis of the Modified groups measure reveals the names of the groups that were modified recently, when such groups were created, and when the modification occurred. This enables administrators to easily track changes to groups. Also, the current status of each group is revealed, so that administrators can accurately pinpoint inactive groups.

Figure 13 : The detailed diagnosis of the Modified groups measure reported by the Distribution Groups test

The detailed diagnosis of the Empty groups measure reveals the names of the empty groups, when such groups were created, whether/not the group configuration changed recently and if so when, and the current status of the groups. If an empty group is found to be inactive as well, you may want to delete the group.

Figure 14 : The detailed diagnosis of the Empty groups measure reported by the Distribution Groups test
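
The new, modified, orphaned and empty counts described above can be cross-checked by hand in Exchange Online PowerShell, using the same certificate-based sign-in and tenant name as the Tenant Name parameter. This is an added example, not eG Enterprise code. It assumes the ExchangeOnlineManagement module and an app registration with a certificate; the three angle-bracket values are placeholders, the one-day window is an assumed measurement period, and soft-deleted groups are not covered.

```powershell
# Added example, not eG Enterprise code. Replace the placeholders before running.
$AppId      = '<application-id>'            # app registration used for CBA (assumed)
$Thumbprint = '<certificate-thumbprint>'    # X.509 certificate in the local store
$Tenant     = '<tenant>.onmicrosoft.com'    # tenant name, as listed under Domains
$Since      = (Get-Date).AddDays(-1)        # assumed measurement window

Connect-ExchangeOnline -AppId $AppId -CertificateThumbprint $Thumbprint `
    -Organization $Tenant -ShowBanner:$false

$groups = foreach ($g in Get-DistributionGroup -ResultSize Unlimited) {
    # GroupType reads "Universal" or "Universal, SecurityEnabled"
    $type    = if ("$($g.GroupType)" -match 'SecurityEnabled') { 'SecurityEnabled' } else { 'Universal' }
    $members = @(Get-DistributionGroupMember -Identity $g.PrimarySmtpAddress -ResultSize Unlimited)
    # Filter out nulls first: @($null).Count is 1, which would hide ownerless groups
    $owners  = @($g.ManagedBy | Where-Object { $_ })
    $created = [datetime]$g.WhenCreated
    $changed = [datetime]$g.WhenChanged

    [pscustomobject]@{
        Name       = $g.DisplayName
        Type       = $type
        Created    = $created
        Changed    = $changed
        IsNew      = $created -ge $Since
        IsModified = ($changed -ge $Since) -and ($created -lt $Since)
        IsOrphaned = $owners.Count -eq 0
        IsEmpty    = $members.Count -eq 0
    }
}

# One summary row per DG type, mirroring the test's first-level descriptor
$groups | Group-Object Type | ForEach-Object {
    [pscustomobject]@{
        Type     = $_.Name
        Total    = $_.Count
        New      = @($_.Group | Where-Object { $_.IsNew }).Count
        Modified = @($_.Group | Where-Object { $_.IsModified }).Count
        Orphaned = @($_.Group | Where-Object { $_.IsOrphaned }).Count
        Empty    = @($_.Group | Where-Object { $_.IsEmpty }).Count
    }
} | Format-Table -AutoSize

# Groups that need an owner assigned or a membership review
$groups | Where-Object { $_.IsOrphaned -or $_.IsEmpty } |
    Sort-Object Type, Name | Format-Table Name, Type, Created, Changed, IsOrphaned, IsEmpty

Disconnect-ExchangeOnline -Confirm:$false
```

Orphaned SecurityEnabled groups deserve priority in the review, since those groups can carry permissions while nobody is left to manage their membership.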