O365 Users Test
Office 365 user accounts and Office 365 licenses do not need to have a one-to-one correspondence: it is possible to have Office 365 users who do not have an Office 365 license, and it is possible to have Office 365 licenses that have not been assigned to a user. Likewise, you can deny a licensed user sign-in rights, and can even delete a user without deleting his/her license. With so many different user configurations possible, its only natural that administrators find it hard to track the license assignment and access settings of each user. This is where the O365 Users test helps. With the help of this test, administrators can quickly determine the count of unlicensed users, deleted users, and those who do not have sign-in rights. Detailed diagnostics reported by this test reveal the names of such users.
Target of the test : Office 365
Agent deploying the test : A remote agent
Outputs of the test : One set of results for the monitored Office 365 tenant
Parameters | Description |
---|---|
Test period |
How often should the test be executed |
Host |
The host for which the test is to be configured. By default, this is portal.office.com |
Tenant Name |
This parameter applies only if you want the eG agent to use Azure AD Certificate-based Authentication for accessing and monitoring an O365 tenant and its resources. Azure AD certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Active Directory (Azure AD) for applications and browser sign-in. When monitoring highly secure Office 365 environments, you can configure the eG agent to identify itself to a tenant using a valid X.509 certificate, so that it is allowed secure access to the tenant and its resources. By default, the value of this parameter is none. This means that, by default, the eG agent does not use certificate-based authentication to connect to an O365 tenant. On the other hand, if you want the eG agent to use this modern authentication technique to securely access a tenant's resources, you should do the following:
|
O365 User Name, O365 Password, and Confirm Password |
For execution, this test requires the privileges of an O365 user who is vested with the View-Only Audit Logs permission. Configure the credentials of such a user against O365 User Name and O365 Password text boxes. Confirm the password by retyping it in the Confirm Password text box. While you can use the credentials of any existing O365 user with the afore-said privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and use the credentials of that user here. To know how to manually create a new user using the Office 365 portal and assign the required privileges to that user, refer to |
O365 Domain |
To have a personalized business email address, team site address, or even an account name, you set up a domain name with Office 365. A domain is a unique name that appears after the @ sign in email addresses, and after www. in web addresses. It typically takes the form of your organization's name and a standard Internet suffix, such as yourbusiness.com or stateuniversity.edu. Office 365 gives you an initial domain name to use. By default, this will be of the format: *.onmicrosoft.com - eg., abc.onmicrosoft.com. To enable this test to pull metrics, you need to configure the test with the name of this initial domain. Therefore, configure the O365 Domain parameter with the name of the initial domain. To know what is your Office 365 initial domain name, do the following:
|
Domain, Domain User Name, Domain Password, and Confirm Password |
These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server. In this case, in the Domain text box, specify the name of the Windows domain to which the eG agent host belongs. In the Domain User Name text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the Domain Password text box and confirm that password by retyping it in the Confirm Password text box. On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none. |
Proxy Host, Proxy Port, Proxy User Name, and Proxy Password |
These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server. In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the Proxy Host and Proxy Port parameters, respectively. If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the Proxy User Name and Proxy Password text boxes. Confirm that password by retyping it in the Confirm Password text box. If the Proxy server does not require authentication, then specify none against the Proxy User Name, Proxy Password, and Confirm Password text boxes. On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none. |
DD Frequency |
Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time the test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency. |
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enabled/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Unlicensed users |
Indicates the number of users who have not been assigned a license. |
Number |
When you create a new Office 365 user account, you don't have to assign that user a license: the new user will have a valid account, but he or she won't be able to sign in to Office 365. To know which users have not been assigned a license, use the detailed diagnosis of this measure. |
Deleted users |
Indicates the number of users who have been removed. |
Number |
Use the detailed diagnosis of this measure to know which user accounts have been deleted. When deleting a user, you can choose to retain the user license or even remove the license along with the user account. The latter is cost-effective as you do not have to continue paying for an unused license. Alternatively, you can even assign the deleted license to another user, thus leveraging your existing investments in Office 365. |
Users with non-expiring passwords |
Indicates the number of users whose password has been set to never expire. |
Number |
Use the detailed diagnosis to know which users have been configured with passwords that never expire. |
Users with password nearing expiry |
Indicates the number of users whose password is about to expire. |
Number |
This measure will be reported only if the test is run by the administrator who has Global Administrative privileges. |
Sign-in denied users |
Indicates the number of users whose sign-in status has been blocked. |
Number |
To know which users have been denied sign-in rights, use the detailed diagnosis of this measure. |
Sign-in allowed users |
Indicates the number of users whose sign-in status has been blocked. |
Number |
|
The detailed diagnosis of the Unlicensed users measure reveals the principal name and display name of each of the unlicensed users. This way, you can quickly identify which users have yet to be assigned a license.
Figure 1 : The detailed diagnosis of the Unlicensed users measure
Using the detailed diagnosis of the Deleted users measure, you can at-a-glance identify the users who have been deleted and the locations from which they have been deleted.
Figure 2 : The detailed diagnosis of the Deleted users measure
The detailed diagnosis of the Users with non-expiring passwords measure reveals the principal name and sign-in name of the users who have been configured with non-expiring passwords. Additionally, the detailed metrics reveal the location of the user and the Office 365 product to which he/she has been assigned a license.
Figure 3 : The detailed diagnosis of the Users with Non-Expiring Passwords measure