O365 Domains Test
A domain is a unique name that appears after the @ sign in email addresses, and after www. in web addresses. It typically takes the form of your organization's name and a standard Internet suffix, such as yourbusiness.com or stateuniversity.edu.
Using a custom domain like "rob@contoso.com" with Office 365 can help build credibility and recognition for your brand.
To know what are the different domains in the monitored tenant and to determine the status, capabilities, and configuration of each domain, use the O365 Domains test.
This test auto-discovers the domains in the monitored tenant and reports the type, status, capabilities, and verification method configured for each domain. Additionally, the test reveals the initial domain given for use by Office 365 and also its default domain setting. You can also use this test to know which domains are configured with root domains.
Target of the test : Office 365
Agent deploying the test : A remote agent
Outputs of the test : One set of results for each domain in the Office 365 tenant being monitored
First-level descriptor: Domain name
| Parameters | Description |
|---|---|
|
Test period |
How often should the test be executed |
|
Host |
The host for which the test is to be configured. By default, this is portal.office.com |
|
Tenant Name |
Certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Entra ID for applications and browser sign-in. When monitoring highly secure Office 365 environments, you should configure the eG agent to identify itself to a tenant using a valid X.509 certificate, so that it is allowed secure access to the tenant and its resources. To achieve this, you should do the following:
|
|
Graph Client ID, Graph Client Secret |
This test pulls metrics by accessing the Microsoft Graph API. Therefore, for this test to run, the Microsoft Graph App should first be registered on Microsoft Entra ID, with a specific set of permissions. To know what these permissions are and which tests require these permissions, refer to eG Tests Requiring Microsoft Graph App Permissions.
This App can be created manually or using the proprietary PowerShell script that eG Enterprise provides. For the manual procedure, refer to Registering the Microsoft Graph App On Microsoft Entra ID. To use the PowerShell script, refer to Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments. To allow this test access to Microsoft Graph App, you need to configure the test with the Graph Client ID and Graph Client Secret of the registered application. The Client ID is a unique identifier for your application, while the Client Secret is a confidential string used to verify your application's identity to access protected resources. If you have manually registered the app in Microsoft Entra ID, then steps 5 and 6 of the procedure detailed in the Registering the Microsoft Graph App On Microsoft Entra ID topic will lead you to the Client ID and Client Secret of the app. Make a note of these details and use them to configure the Graph Client ID and Graph Client Secret parameters, respectively. On the other hand, if you have used eG's proprietary pre-requisites script to automatically create the Microsoft Graph app, then, step 13 of the procedure detailed in the Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments topic will provide you with the Client ID and Client Secret of the graph app. Make a note and configure the Graph Client ID and Graph Client Secret parameters accordingly. |
|
Domain, Domain User Name, Domain Password, and Confirm Password |
These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server. In this case, in the Domain text box, specify the name of the Windows domain to which the eG agent host belongs. In the Domain User Name text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the Domain Password text box and confirm that password by retyping it in the Confirm Password text box. On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none. |
|
Proxy Host, Proxy Port, Proxy User Name, and Proxy Password |
These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server. In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the Proxy Host and Proxy Port parameters, respectively. If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the Proxy User Name and Proxy Password text boxes. Confirm that password by retyping it in the Confirm Password text box. If the Proxy server does not require authentication, then specify none against the Proxy User Name, Proxy Password, and Confirm Password text boxes. On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none. |
|
DD Frequency |
Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time the test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency. |
|
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enabled/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
| Measurement | Description | Measurement Unit | Interpretation | ||||||
|---|---|---|---|---|---|---|---|---|---|
|
Authentication |
Indicates the authentication type of the domain. |
|
The values that this measure can report and their corresponding numeric values are listed in the table below:
By default, any domain that is added to Office 365 is set as a Managed Domain by default. Managed domain is the normal domain in Office 365 online (Azure Entra ID), which uses standard authentication. Federated Domain Is a domain that Is enabled for a Single Sign-On and configured to use Microsoft Active Directory Federation (ADFS). Note: By default, this measure reports the Measure Values listed in the table above to indicate the authentication type of a domain. In the graph of this measure however, the same is indicated using the numeric equivalents only. |
||||||
|
Total capabilities |
Indicates the number of capabilities configured for this domain. |
Number |
A domain can be assigned any of the following capabilities: These can be SharePoint, Email, or OfficeCommunicationsOnline. A domain with SharePoint capability cannot be used for other capabilities. Use the detailed diagnosis of this measure to know which capabilities have been enabled for the domain. |
||||||
|
Is default? |
Indicates whether/not this domain has been set as the default domain. |
|
The values that this measure can report and their corresponding numeric values are listed in the table below:
Note: By default, this measure reports the Measure Values listed in the table above to indicate whether/not a domain is set as the default domain. In the graph of this measure however, the same is indicated using the numeric equivalents only. |
||||||
|
Is initial? |
Indicates whether/not this domain is the initial domain given for use by Office 365. |
|
The values that this measure can report and their corresponding numeric values are listed in the table below:
Note: By default, this measure reports the Measure Values listed in the table above to indicate whether/not a domain is the initial domain that Office 365 has given for use. In the graph of this measure however, the same is indicated using the numeric equivalents only. |
||||||
|
Status |
Indicates whether this domain is verified or unverified. |
|
Before you set up Office 365 to use a custom domain name, you have to make sure that you own the domain. Otherwise, anyone could use any domain name they wanted to. For example, someone could use your domain name with Office 365 and say they were you! Verification is the process that proves to Office 365 that you own your domain. If a domain is verified, then the value of this measure will be Verified. For an unverified domain, the value of this measure will be Unverified. The numeric values that correspond to these measure values are listed in the table below:
Note: By default, this measure reports the Measure Values listed in the table above to indicate the domain status. In the graph of this measure however, the same is indicated using the numeric equivalents only. |
||||||
|
Verification method |
Indicates the verification method using which the domain has been verified. |
|
Before you set up Office 365 to use a custom domain name, you have to make sure that you own the domain. Otherwise, anyone could use any domain name they wanted to. For example, someone could use your domain name with Office 365 and say they were you! Verification is the process that proves to Office 365 that you own your domain. In Office 365 domain verification was traditionally only available through DNS record validation. When adding a domain to Office 365 a domain verification text record or mx record was provided. This record would be added to your external DNS provider and after replication and global availability our queries would detect the presence of the record. When the record was detected the domain would be verified. Other verification methods also exist - eg., email validation. If this domain was verified using DNS record validation, then the value of this measure will be DnsRecord. On the other hand, if any alternative verification method was used, then this measure will report the value Others. The numeric values that correspond to these measure values are listed in the table below:
Note: By default, this measure reports the Measure Values listed in the table above to indicate the verification method. In the graph of this measure however, the same is indicated using the numeric equivalents only. |
||||||
|
Is root domain? |
Indicates whether/not this domain is a root domain. |
|
The values that this measure can report and their corresponding numeric values are listed in the table below:
Note: By default, this measure reports the Measure Values listed in the table above to indicate whether/not a domain is the root domain. In the graph of this measure however, the same is indicated using the numeric equivalents only. |
The detailed diagnosis of the Total capabilities measure reveals the capabilities assigned to the monitored domain.
Figure 11 : The detailed diagnosis of the Total capabilities measure
