Pre-requisites for Monitoring Microsoft Office 365 Environments

Before attempting to monitor Microsoft Office 365 or any of its cloud-based service offerings (eg., Exchange Online, SharePoint Online etc.), you need to make sure that certain pre-requisites are fulfilled. The table below briefly discusses these requirements and their purpose. Each of the requirements can be fulfilled either manually, or automatically using a proprietary PowerShell script that eG Enterprise provides. The manual procedure varies with every requirement - so, the URL detailing the manual procedure (if available) is provided alongside each requirement in the table.

S. No.	Requirement	Description	Link for Manual Procedure
1.	Agent Host Requirements	Ensure that the target eG agent host fulfills the prescribed OS, software, and O365 module/package requirements	Manually Installing Packages/Modules Required for Monitoring Office 365 Environments
2.	Requirements for Enabling Secure Office 365 Monitoring	Enable certificate-based authentication for the target Office 365 tenant	Manually Enabling Certificate-based Authentication For an Office 365 Tenant
3.	Registering Microsoft Graph App for Office 365 Monitoring	Register Microsoft Graph App on Microsoft Entra, with a specific set of permissions	Registering the Microsoft Graph App On Microsoft Entra ID
4.	Restricting Microsoft Graph App Access to Mailboxes	Allow the Microsoft Graph App you create to access specific mailboxes alone	Manually Limiting MS Graph App's Mailbox Access
5.	Creating Office 365 User for Monitoring	Create a special monitoring user with a valid O365 license and specific monitoring permissions	Creating a New User in the Office 365 Portal
6.	Configuring Sender and Receiver Mailboxes	Configure a valid sender and receiver mail box for monitoring	Refer to official Office 365 documentation
7.	Disabling 2FA/MFA for the Office 365 Monitoring Account	Disable 2FA/MFA for the target Office 365 monitoring account	Refer to official Office 365 documentation

On the other hand, if you choose to fulfill requirements 1-5 in the table above automatically, refer to theAutomatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environmentstopic.

To know more about the requirements above, read on.

1. Agent Host Requirements for eG Agent Deployment

1. The eG agent should be deployed on a remote host running one of the following Windows versions:

   • Windows Server 2022
   • Windows Server 2016
   • Windows Server 2019
   • Windows 11
   • Windows 10
   • Windows 8.1
2. The Windows system hosting the remote agent should have internet connection.
3. .NET 4.8 (or above) should pre-exist on the eG agent host.
4. Windows Management Framework (WMF) 5.1.22 (or above) should be installed on the eG agent host

5. The following modules/packages are required on the eG agent host:

   • The Microsoft.Graph module;

   • Exchange Online Management Module, which is essential for monitoring Exchange Online;

   • SharePoint Online Management Shell, which is key for monitoring SharePoint Online;

   • Version 1.10 of the module Pnp.PowerShell , which is essential for monitoring SharePoint Online and OneDrive;

   • Teams Network Assessment Tool, which helps with Microsoft Teams monitoring;

   • Microsoft Teams Module, which is important for Microsoft Teams monitoring;

   You can manually install these modules/packages on the eG agent host. To know how, refer to thetopic .

2. Requirements for Enabling Secure Office 365 Monitoring

To ensure secure communication between the eG agent and the monitored Office 365 tenant, you need to enable Certificate-based authentication for that Office 365 tenant. In Certificate-based authentication, a Digital Certificate is used to identify a user, machine, or device before granting access to a resource, network, application, etc. eG Enterprise supports Microsoft Entra certificate-based authentication. Microsoft Entra certificate-based authentication (CBA) requires users to authenticate with X.509 certificates against their Microsoft Entra for applications and browser sign-in. By enabling certificate-based authentication for an Office 365 tenant, you can have the eG agent access that tenant and its resources, by identifying itself using an X.509 certificate.

3. Registering Microsoft Graph App for Office 365 Monitoring

To enable the eG agent to monitor service health, Message Center communications, channels, chats, Teams communication, Yammer, and user activity, the Microsoft GraphApp needs to be registered on Microsoft Entra, with a specific set of permissions. To know what these permissions are and which tests require these permissions, refer to eG Tests Requiring Microsoft Graph App Permissions.

4. Restricting Microsoft Graph App Access to Specific Mailboxes

Once the Microsoft Graph App is registered with the required permissions, allow the App to access specific mailboxes alone.

5. Creating Office 365 User for Monitoring

A special O365 user is required for monitoring purposes. Such a user:

• Should be assigned a valid Office 365 license with Microsoft Teams subscription and Exchange Online Mailbox subscription;

• Should be allowed Teams Communication Support Engineer permissions, only if a Microsoft Teams component is to be monitored. Note that tests that check Call Quality will not run if this permission is not granted to the user.

6. Configuring Sender and Receiver Mailboxes for Monitoring

A valid sender and receiver mail box is required for monitoring purposes.

7. Disabling 2FA/MFA for the Office 365 Monitoring Account

The Office 365 monitoring account should not be 2FA/ MFA enabled. This is because, the eG agent does not support 2FA/MFA presently.