O365 License Usage Test
When you buy an Office 365 subscription, you specify the number of licenses that you need, based on how many people you have in your organization. The validity and usage of these licenses needs to be tracked closely, so that any potential license shortage / expiry can be proactively detected and prevented. This is because, without adequate licenses, your users will not be able to use the Office 365 product, or the applications/services they have subscribed for under that product. This is where the License Usage test helps!
This test auto-discovers the Office 365 products you have subscribed to and groups the products on the basis of the license type - active or suspended. Product licenses that have been purchased and are available for assignment to users are grouped under 'Active licenses'. Product licenses that are not available for assignment to users are grouped under 'Suspended licenses'.
For each product under these categories, the test reports the count of licenses purchased, assigned to users, and yet to be assigned to users. On the basis of these usage values, the test also auto-computes and reports the overall license usage percentage, thus proactively alerting to any potential license shortage. The test also reports the count of licenses that will expire shortly, and thus gives you a heads up on impending license expiry.
Target of the test : Office 365
Agent deploying the test : A remote agent
Outputs of the test : One set of results for each Office 365 product that you have subscribed for
First-level descriptor: License type - Active or Suspended
Second-level descriptor: Office 365 product
| Parameters | Description |
|---|---|
|
Test period |
How often should the test be executed |
|
Host |
The host for which the test is to be configured. By default, this is portal.office.com |
|
Tenant Name |
Certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Entra ID for applications and browser sign-in. When monitoring highly secure Office 365 environments, you should configure the eG agent to identify itself to a tenant using a valid X.509 certificate, so that it is allowed secure access to the tenant and its resources. To achieve this, you should do the following:
|
|
Graph Client ID, Graph Client Secret |
This test pulls metrics by accessing the Microsoft Graph API. Therefore, for this test to run, the Microsoft Graph App should first be registered on Microsoft Entra ID, with a specific set of permissions. To know what these permissions are and which tests require these permissions, refer to eG Tests Requiring Microsoft Graph App Permissions.
This App can be created manually or using the proprietary PowerShell script that eG Enterprise provides. For the manual procedure, refer to Registering the Microsoft Graph App On Microsoft Entra ID. To use the PowerShell script, refer to Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments. To allow this test access to Microsoft Graph App, you need to configure the test with the Graph Client ID and Graph Client Secret of the registered application. The Client ID is a unique identifier for your application, while the Client Secret is a confidential string used to verify your application's identity to access protected resources. If you have manually registered the app in Microsoft Entra ID, then steps 5 and 6 of the procedure detailed in the Registering the Microsoft Graph App On Microsoft Entra ID topic will lead you to the Client ID and Client Secret of the app. Make a note of these details and use them to configure the Graph Client ID and Graph Client Secret parameters, respectively. On the other hand, if you have used eG's proprietary pre-requisites script to automatically create the Microsoft Graph app, then, step 13 of the procedure detailed in the Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments topic will provide you with the Client ID and Client Secret of the graph app. Make a note and configure the Graph Client ID and Graph Client Secret parameters accordingly. |
|
Graph Scope, Graph Authority |
This test pulls metrics by accessing the Microsoft Graph API. Therefore, for this test to run, a Microsoft Graph App should first be registered on Microsoft Entra ID, with a specific set of permissions. To know what these permissions are and which tests require these permissions, refer to eG Tests Requiring Microsoft Graph App Permissions.
This App can be created manually or using the proprietary PowerShell script that eG Enterprise provides. For the manual procedure, refer to Registering the Microsoft Graph App On Microsoft Entra ID. To use the PowerShell script, refer to Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments. To interact with the Graph API and gather the required performance statistics, the eG agent running this test requires an access token. The SCOPE and AUTHORITY parameters within the access token are crucial for defining the scope of access and the authentication context, respectively. SCOPE specifies what resources the eG agent running this test can access, while AUTHORITY identifies the authentication provider. The Graph Scope and Graph Authority parameters of this test capture the SCOPE and AUTHORITY definitions (respectively) in the eG agent's access token. By default, the Graph Scope parameter is set to https://graph.microsoft.com/.default. This is a common SCOPE for Microsoft Graph, allowing the eG agent to access all permissions that have been granted to the registered Microsoft Graph app within the Microsoft Entra ID. You can change this to match the SCOPE defined for the eG agent in your organization. Similarly, the Graph Authority is set to https://login.microsoftonline.com/ by default. In this case, the tenant name or ID you specify against the Tenant Name parameter will be automatically appended to https://login.microsoftonline.com to complete the URL and set the default Graph Authority - i.e., https://login.microsoftonline.com/<Tenant_Name/ID>. This default setting indicates that Microsoft Entra ID will handle the authentication and authorization process. |
|
Domain Name, Domain User Name, Domain Password, and Confirm Password |
These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server. In this case, in the Domain Name text box, specify the name of the Windows domain to which the eG agent host belongs. In the Domain User Name text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the Domain Password text box and confirm that password by retyping it in the Confirm Password text box. On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none. |
|
Proxy Host, Proxy Port, Proxy User Name, and Proxy Password |
These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server. In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the Proxy Host and Proxy Port parameters, respectively. If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the Proxy User Name and Proxy Password text boxes. Confirm that password by retyping it in the Confirm Password text box. If the Proxy server does not require authentication, then specify none against the Proxy User Name, Proxy Password, and Confirm Password text boxes. On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none. |
|
Date format |
The eG agent running this test pulls date/time information from Office 365 and displays the same as part of detailed diagnosis. The default date format in Office 365 is yyyy-MM-dd HH:mm:ss. Accordingly, the value of this parameter is set to yyyy-MM-dd HH:mm:ss. If the date format is changed in Office 365, then you can override the default setting of this parameter. |
|
DD Frequency |
Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time the test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency. |
|
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enabled/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
| Measurement | Description | Measurement Unit | Interpretation | ||||||
|---|---|---|---|---|---|---|---|---|---|
|
Licensed users |
Indicates the number of users who have been assigned this product's license. |
Number |
This indicates how many licenses of a product have been consumed. |
||||||
|
Purchased units |
Indicates the number of licenses of this product that have been purchased. |
Number |
|
||||||
|
Warning units |
Indicates the number of licenses of this product that you have not renewed, and that will expire after the 30-day grace period. |
Number |
A high value for this measure is indicative of a potential license shortage, as many licenses may expire at the end of 30 days. You may want to renew the licenses that are nearing expiry to bring this count down and to ensure that sufficient licenses are always available. |
||||||
|
Remaining units |
Indicates the number of licenses of this product that are yet to be assigned to users. |
Number |
The value of this measure is the difference between the value of the Purchased units and the Licensed users measure. A high value is ideal for this measure. Compare the value of this measure across products to know which product's licenses have been over-utilized and are nearing exhaustion. |
||||||
|
Days to expire |
Indicates the number of days within which this product's licenses will expire. |
Number |
Lower the value of this measure, sooner a product's licenses will expire. If this value is very low, it implies that license will expire very soon. To continue using the product, you will have to renew the license. Use the detailed diagnosis of this measure to know when exactly the license is expected to expire. |
||||||
|
License usage |
Indicates the percent usage of the licenses of this product. |
Percent |
A value close to 100% indicates that users of this product may soon run out of licenses. You may want to plan for purchasing additional licenses of this product in this case. |
||||||
|
Is this a trial license? |
Indicates whether/not this product's license is a trial license |
|
If a product's license is a trial license, then the value of this measure will be Yes. If not, then this measure will report the value No. The numeric values that correspond to these measure values are as follows:
Note: By default, this measure reports the Measure Values listed in the table above to indicate whether/not a license is a trial license. In the graph of this measure however, the same is indicated using the numeric equivalents only. |
The detailed diagnosis of the Days to expire measure reveals when the license is expected to expire.
Figure 9 : The detailed diagnosis of the Days to expire measure
