O365 License Usage Test

When you buy an Office 365 subscription, you specify the number of licenses that you need, based on how many people you have in your organization. The validity and usage of these licenses needs to be tracked closely, so that any potential license shortage / expiry can be proactively detected and prevented. This is because, without adequate licenses, your users will not be able to use the Office 365 product, or the applications/services they have subscribed for under that product. This is where the License Usage test helps!

This test auto-discovers the Office 365 products you have subscribed to and groups the products on the basis of the license type - active or suspended. Product licenses that have been purchased and are available for assignment to users are grouped under 'Active licenses'. Product licenses that are not available for assignment to users are grouped under 'Suspended licenses'.

For each product under these categories, the test reports the count of licenses purchased, assigned to users, and yet to be assigned to users. On the basis of these usage values, the test also auto-computes and reports the overall license usage percentage, thus proactively alerting to any potential license shortage. The test also reports the count of licenses that will expire shortly, and thus gives you a heads up on impending license expiry.

Target of the test : Office 365

Agent deploying the test : A remote agent

Outputs of the test : One set of results for each Office 365 product that you have subscribed for

First-level descriptor: License type - Active or Suspended

Second-level descriptor: Office 365 product

Configurable parameters for the test
Parameters Description

Test period

How often should the test be executed

Host

The host for which the test is to be configured. By default, this is portal.office.com

Tenant Name

This parameter applies only if you want the eG agent to use Azure AD Certificate-based Authentication for accessing and monitoring an O365 tenant and its resources.

Azure AD certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Active Directory (Azure AD) for applications and browser sign-in. When monitoring highly secure Office 365 environments, you can configure the eG agent to identify itself to a tenant using a valid X.509 certificate, so that it is allowed secure access to the tenant and its resources.

By default, the value of this parameter is none. This means that, by default, the eG agent does not use certificate-based authentication to connect to an O365 tenant.

On the other hand, if you want the eG agent to use this modern authentication technique to securely access a tenant's resources, you should do the following:

  1. Enable Azure AD Certificate-based authentication for the target O365 tenant; this can be achieved manually, via the Office 365 portal, or automatically, using Powershell scripts we provide. For the manual procedure, refer to Manually Enabling Certificate-based Authentication For an Office 365 Tenant. For the automatic procedure, refer to Automatically Fulfilling Pre-requisites in a Modern Authentication-Enabled Environment.

    When enabling certificate-based authentication, an X.509 certificate will be generated for the target tenant.

  2. Configure the Tenant Name parameter with the name of the tenant for which certificate-based authentication is enabled. Using the tenant name, the eG agent will be able to read the details of the X.509 certificate that is generated for that tenant, and use that certificate to access that tenant's resources. To determine the tenant name, do the following:

    • Log in to the Microsoft 365 Admin Center as an administrator.

    • Under Setup, click on Domains.

    • Find a domain that ends with .onmicrosoft.com - this is your Microsoft O365 tenant name.

O365 User Name, O365 Password, and Confirm Password

These parameters need to be configured only if the Tenant Name parameter is set to none. On the other hand, if a valid Tenant Name is configured, then you should set these parameters to none .

For execution, this test requires the privileges of an O365 user who is vested with the View-Only Audit Logs permission. Configure the credentials of such a user against O365 User Name and O365 Password text boxes. Confirm the password by retyping it in the Confirm Password text box.

While you can use the credentials of any existing O365 user with the afore-said privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and use the credentials of that user here. To know how to manually create a new user using the Office 365 portal and assign the required privileges to that user, refer to theCreating a New User in the Office 365 Portaltopic. You can also use eG's proprietary PowerShell script to automatically create a new user, or assign the required privileges to an existing user. To know how to use this script, refer to theAutomatically Fulfilling Pre-requisites in a Basic Authentication-Enabled Environmenttopic.

O365 Domain

This parameter needs to be configured only if the Tenant Name parameter is set to none. On the other hand, if a valid Tenant Name is configured, then you should set this parameter to none .

To have a personalized business email address, team site address, or even an account name, you set up a domain name with Office 365. A domain is a unique name that appears after the @ sign in email addresses, and after www. in web addresses. It typically takes the form of your organization's name and a standard Internet suffix, such as yourbusiness.com or stateuniversity.edu. Office 365 gives you an initial domain name to use. By default, this will be of the format: *.onmicrosoft.com - eg., abc.onmicrosoft.com. To enable this test to pull metrics, you need to configure the test with the name of this initial domain. Therefore, configure the O365 Domain parameter with the name of the initial domain. To know what is your Office 365 initial domain name, do the following:

  1. Log on to the Microsoft Office 365 Online Portal using an administrative account.
  2. Under Management, click on Domains.
  3. The initial domain should be listed with a name ending with .onmicrosoft.com.

Domain, Domain User Name, Domain Password, and Confirm Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, in the Domain text box, specify the name of the Windows domain to which the eG agent host belongs. In the Domain User Name text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the Domain Password text box and confirm that password by retyping it in the Confirm Password text box.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none.

Proxy Host, Proxy Port, Proxy User Name, and Proxy Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the Proxy Host and Proxy Port parameters, respectively.

If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the Proxy User Name and Proxy Password text boxes. Confirm that password by retyping it in the Confirm Password text box. If the Proxy server does not require authentication, then specify none against the Proxy User Name, Proxy Password, and Confirm Password text boxes.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time the test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enabled/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Licensed users

Indicates the number of users who have been assigned this product's license.

Number

This indicates how many licenses of a product have been consumed.

Purchased units

Indicates the number of licenses of this product that have been purchased.

Number

Warning units

Indicates the number of licenses of this product that you have not renewed, and that will expire after the 30-day grace period.

Number

A high value for this measure is indicative of a potential license shortage, as many licenses may expire at the end of 30 days. You may want to renew the licenses that are nearing expiry to bring this count down and to ensure that sufficient licenses are always available.

Remaining units

Indicates the number of licenses of this product that are yet to be assigned to users.

Number

The value of this measure is the difference between the value of the Purchased units and the Licensed users measure.

A high value is ideal for this measure.

Compare the value of this measure across products to know which product's licenses have been over-utilized and are nearing exhaustion.

Days to expire

Indicates the number of days within which this product's licenses will expire.

Number

Lower the value of this measure, sooner a product's licenses will expire.

If this value is very low, it implies that license will expire very soon. To continue using the product, you will have to renew the license.

Use the detailed diagnosis of this measure to know when exactly the license is expected to expire.

License usage

Indicates the percent usage of the licenses of this product.

Percent

A value close to 100% indicates that users of this product may soon run out of licenses. You may want to plan for purchasing additional licenses of this product in this case.

Is this a trial license?

Indicates whether/not this product's license is a trial license

If a product's license is a trial license, then the value of this measure will be Yes. If not, then this measure will report the value No.

The numeric values that correspond to these measure values are as follows:

Measure Value Numeric Value
Yes 1
No 2

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether/not a license is a trial license. In the graph of this measure however, the same is indicated using the numeric equivalents only.

The detailed diagnosis of the Days to expire measure reveals when the license is expected to expire.

Figure 9 : The detailed diagnosis of the Days to expire measure