How to Manually Fulfill Pre-requisites for Monitoring SharePoint Online?
The eG agent runs Powershell cmdlets to pull a few metrics from SharePoint Online. To enable the eG agent to run these cmdlets, the following need to be installed and run on the eG agent host:
- A 64-bit version of the Microsoft Online Services Sign-in Assistant for IT Professionals RTW: You can download its installable from the URL : https://download.microsoft.com/download/7/1/E/71EF1D05-A42C-4A1F-8162-96494B5E615C/msoidcli_64bit.msi. After downloading, use the installable to install the sign-in assistant, and then start it.
A 64-bit version of the Microsoft Azure Active Directory Module for Windows PowerShell: To install this module, do the following:
- First, install the PackageManagement and PowerShellGet modules on the eG agent host. You can download the installable from the URL: https://download.microsoft.com/download/C/4/1/C41378D4-7F41-4BBE-9D0D-0E4F98585C61/PackageManagement_x64.msi
- Once the PackageManagement and PowerShellGet modules are successfully installed, open Windows PowerShell ISE in elevated mode on the eG agent host.
Figure 210 : Installing the Microsoft Azure Active Directory Module for Windows PowerShell
To run PowerShell cmdlets for metrics collection, the eG agent requires the privileges of a user who has been assigned the Service support admin and SharePoint admin roles and is vested with the View-Only Audit Logs permission. For this purpose, each test the eG agent runs on SharePoint Online should be configured with the credentials of a user who has been assigned the aforesaid roles and permission.
While you can use the credentials of any existing O365 user with the aforesaid privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and configure the eG tests with the credentials of that user. To know how to create a new user using the Office 365 portal and assign the required privileges to that user, refer to Creating a New User in the Office 365 Portal topic.
To enable the eG agent to monitor the SharePoint Online service health, site usage, Message Center communications, and user activity, you need to ensure that the Microsoft Graph App is installed on Azure Active Directory (AD), with the following permissions:
- ServiceHealth.Read permission, which will allow the app to read the service health information for your organization;
- MyFiles.Read permission, which will allow the app to read from and write to user files;
- Sites.Read.All permission, which will allow the app to read items in all site collections;
- User.Read permission, which will allow the app to sign in and read the user profile;
- Group.Read.All permission, which will allow the app to read all groups;
- User.Read.All permission, which will enable the app to read the full profile of all users;
Reports.Read.All permission, which will permit the app to read all usage reports;
The steps for manually installing this app and granting the aforesaid permissions are detailed in Installing the Microsoft Graph App On Microsoft Azure Active Directory