Pre-requisites for Monitoring Microsoft Office 365 Environments

Before attempting to monitor Microsoft Office 365 or any of its cloud-based service offerings (eg., Exchange Online, SharePoint Online etc.), you need to make sure that certain pre-requisites are fulfilled. The general pre-requisites for Office 365 monitoring are as follows:

  1. The eG agent should be deployed on a remote host running one of the following Windows versions:

    • Windows Server 2022
    • Windows Server 2016
    • Windows Server 2019
    • Windows 11
    • Windows 10
    • Windows 8.1
  2. The Windows system hosting the remote agent should have internet connection.
  3. .NET 4.8 (or above) should pre-exist on the eG agent host.
  4. Windows Management Framework (WMF) 5.1.22 (or above) should be installed on the eG agent host
  5. The following modules/packages are required on the eG agent host:

    • The Microsoft Azure Active Directory Module for Windows PowerShell;

    • Exchange Online Management Module, which is essential for monitoring Exchange Online;

    • SharePoint Online Management Shell, which is key for monitoring SharePoint Online;

    • Version 1.10 of the module Pnp.PowerShell , which is essential for monitoring SharePoint Online and OneDrive;

    • Teams Network Assessment Tool, which helps with Microsoft Teams monitoring;

    • Microsoft Teams Module, which is important for Microsoft Teams monitoring;

    You can manually install these modules/packages on the eG agent host. To know how, refer to theManually Installing Packages/Modules Required for Monitoring Office 365 Environmentstopic.

    Alternatively, you can use the proprietary PowerShell script that eG Enterprise provides to automatically install the above-mentioned modules/packages on the eG agent host. To know which script to use and how, refer to theAutomatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environmentstopic.

  6. To ensure secure communication between the eG agent and the monitored Office 365 tenant, you need to enable Certificate-based authentication for that Office 365 tenant. In Certificate-based authentication, a Digital Certificate is used to identify a user, machine, or device before granting access to a resource, network, application, etc. eG Enterprise supports Microsoft Entral ID certificate-based authentication. Microsoft Entral ID certificate-based authentication (CBA) requires users to authenticate with X.509 certificates against their Microsoft Entral ID for applications and browser sign-in. By enabling certificate-based authentication for an Office 365 tenant, you can have the eG agent access that tenant and its resources, by identifying itself using an X.509 certificate.

    You can either manually enable certificate-based authentication for a tenant, via the Office 365 portal, or can do it automatically, using Powershell scripts that eG provides. For the manual procedure, refer to theManually Enabling Certificate-based Authentication For an Office 365 Tenanttopic. To know how to achieve the same automatically, refer to theAutomatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environmentstopic

  7. To enable the eG agent to monitor service health, Message Center communications, channels, chats, Teams communication, Yammer, and user activity, the Microsoft GraphApp needs to be registered on Microsoft Entra ID, with a specific set of permissions. To know what these permissions are and which tests require these permissions, refer to eG Tests Requiring Microsoft Graph App Permissions.

  8. This App can be created manually or using the proprietary PowerShell script that eG Enterprise provides. For the manual procedure, refer to Registering the Microsoft Graph App On Microsoft Entra ID. To use the PowerShell script, refer to Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments.

  9. Once the Microsoft Graph App is registered with the required permissions, allow the App to access specific mailboxes alone. This can be achieved either manually or using eG's proprietary PowerShell script. For the manual procedure, refer to the Manually Limiting MS Graph App's Mailbox Access topic. On the other hand, to achieve this through the script, refer to Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments.
  10. A special O365 user is required for monitoring purposes. Such a user:

    • Should be assigned a valid Office 365 license with Microsoft Teams subscription and Exchange Online Mailbox subscription;

    • Should be allowed Teams Administrator permissions, only if a Microsoft Teams component is to be monitored. Note that tests that check Call Quality will not run if this permission is not granted to the user.

    To automatically create a new user for this purpose, or use an existing O365 user, refer to Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments. To manually create a monitoring user account, refer to Creating a New User in the Office 365 Portal.

  11. A valid sender and receiver mail box is required for monitoring purposes. To automatically create a new mailbox for this purpose, or use an existing mailbox, refer to Automatically Fulfilling Pre-requisites For Monitoring Microsoft Office 365 Environments. To manually create these mailboxes, refer to Office 365 documentation.

  12. To enable the eG tests to run and report metrics using the Microsoft Graph API, the following files should be available on the eG agent host:

    • Microsoft.IdentityModel.Clients.ActiveDirectory.dll

    • Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll

    • Microsoft.IdentityModel.Clients.ActiveDirectory.Platform

    • Microsoft.IdentityModel.Clients.ActiveDirectory

    To know how to make these files available to the eG agent, follow the steps outlined in Making Microsoft Graph API DLL Files Available on the eG Agent Host.

  13. The Office 365 monitoring account should not be 2FA/ MFA enabled. This is because, the eG agent does not support 2FA/MFA presently.