Site Administration Activities Report

In SharePoint Online environments, there may exist multiple administrators (for e.g., Global Administrators, SharePoint Administrators). Each administrator has his/her own privileges and restrictions. There may always be a probability that changes made by one administrator get inadvertently overridden by another! To analyse the changes made across SharePoint Online over a period of time, and most importantly, to identify which administrator effected what change, eG Enterprise offers the Site Administration Activities report. This report helps administrators in auditing the administrative operations performed on SharePoint Online over a period of time, identify the administrators who effected the changes, the clients from which the changes were performed and the sites that were impacted.

To generate the report, do the following:

  1. Follow the menu sequence: REPORTS BY FUNCTION -> Domain-specific Reports -> Microsoft SharePoint -> Site Administration Activities.

  2. Figure 1 then appears. In Figure 1, select a criteria for analysis from the Analyze By list box.

    Figure 1 : Specifying the criteria for generating the Site Administration Activities report

  3. Using this report, you can analyze the site administration activities performed by users on one/more managed components, or those that are part of a zone, service or segment. The options provided by the Analyze By list box are discussed hereunder:

    • Component: Select this option to choose the component(s) from across all the managed components in the environment.
    • Zone: To generate a report for one/more components that are included in a zone, pick the Zone option. A Zone drop-down list will then appear, from which you would have to select the zone to which the components of interest to you belong. A Sub zone flag also appears. Indicate whether the components present within the sub-zones of the chosen zone are also to be to be considered for report generation, by setting the Sub zone flag to Yes.
    • Segment: If you want to generate a report for one/more chosen components that belong to a segment, select the Segment option from Analyze By list box, and then pick the Segment from the drop-down list that appears.
    • Service: If you want to generate a report for one/more components involved in the delivery of a service, select the Service option from Analyze By, and then pick the required Service from the drop-down list that appears.
  4. Choose a Component Type for which the report is to be generated.
  5. The Components list will now be populated with all the components that are managed in your environment for the chosen component type. If the Components list consists of too many components, then viewing all the components and selecting the ones you need for report generation could require endless scrolling. To avoid this, you can click the button next to the Components list. A Components pop up window will then appear using which you can view almost all the components in a single interface and Select the ones to be included in this report.

  6. Then, specify the Timeline for generating this report. You can either provide a fixed time line such as 1 hour, 2 days, etc., or select the Any option from the list to provide a From and To date/time for report generation.

    Note:

    For every user registered with the eG Enterprise system, the administrator can indicate the maximum timeline for which that user can generate a report. Once the maximum timeline is set for a user, then, whenever that user logs into eG Reporter and attempts to generate a report, the Timeline list box in the report page will display options according to the maximum timeline setting of that user. For instance, if a user can generate a report for a maximum period of 3 days only, then 3 days will be the highest option displayed in the Timeline list - i.e., 3 days will be the last option in the fixed Timeline list. Similarly, if the user chooses the Any option from the Timeline list and proceeds to provide a start date and end date for report generation using the From and To specifications, eG Enterprise will first check if the user's Timeline specification conforms to his/her maximum timeline setting. If not, report generation will fail. For instance, for a user who is allowed to generate reports spanning over a maximum period of 3 days only, the difference between the From and To dates should never be over 3 days. If it is, then, upon clicking the Run Report button a message box will appear, prompting the user to change the From and To specification.

  7. In addition to the settings discussed above, this report comes with a set of default specifications. These settings are hidden by default. If you do not want to disturb these default settings, then you can proceed to generate the report by clicking the Run Report button soon after you pick one/more components for report generation. However, if you want to view and then alter these settings (if required), click on the icon. The default settings will then appear in the MORE OPTIONS drop down window (See Figure 2). The steps below discuss each of these settings and how they can be customized.

    Figure 2 : The default settings for generating the report

  8. If the timeline specified for the report needs to exclude the data collected during the Weekends, then set Exclude weekends to Yes. If not, select No.

    Note:

    By default, the weekend constitutes Saturday and Sunday. To override this default setting, do the following:

    • Edit the eg_report.ini file in the <EG_INSTALL_DIR>\manager\config directory.
    • In the [EXCLUDE_WEEKEND] section of the file, the Days parameter is set to Saturday,Sunday by default. You can modify this by setting the Days parameter to a comma-separated list of other days of the week - say Friday,Saturday.
    • Save the file after making the required changes.

  9. Next, indicate the report Time period.

    Note:

    By default, the Time period is set to 24 hours. Accordingly, the From and To parameters in the [timeframe] section of the eg_report.ini file (in the <eg_install_dir>\manager\config directory) are set to 00:00 and 24:00 respectively. If need be, you can override this default setting by configuring a different timeframe against the From and/or To parameters. 

  10. In large environments, reports generated using months of data can take a long time to complete. Administrators now have the option of generating reports on-line or in the background. When a report is scheduled for background generation, administrators can proceed with their other monitoring, diagnosis, and reporting tasks, while the eG manager is processing the report. This saves the administrator valuable time. To schedule background processing of a report, you can either select the Background Save - PDF option from the Report Generation list. To process reports in the foreground, select the Foreground Generation - HTML option from this list.

    Note:

    • The Report Generation list will appear only if the EnableBackgroundReport flag in the [BACKGROUND_PROCESS] section of the eg_report.ini file (in the <EG_INSTALL_DIR>\manager\config directory) is set to Yes.
    • The default selection in the Report Generation list will change according to the Timeline specified for the report. If the Timeline set is greater than or equal to the number of days specified against the MinDurationForReport parameter in the [BACKGROUND_PROCESS] section of the eg_report.ini file, then the default selection in the Report Generation list will be Background Save - PDF. On the other hand, if the Timeline set for the report is lesser than the value of the MinDurationForReport parameter, then the default selection in the Report Generation list will be Foreground. This is because, the MinDurationForReport setting governs when reports are to be processed in the background. By default, this parameter is set to 2 weeks - this indicates that by default, reports with a timeline of 2 weeks and above will be processed in the background.
  11. Click the Done button if any changes were made to the More Options drop down window.
  12. Finally, click the Run Report button to generate the report.

  13. If the Report type is Foreground Generation - HTML, then Figure 3 will appear as soon as you click the Run Report button.

    Figure 3 : The generated Site Administration Activities Report

  14. The generated report (see Figure 3) contains the following sections:

    • The Summary section provides an at-a-glance view of the number of times administrators allowed other users to create groups on the Microsoft SharePoint Online organization, the number of times administrators created site collections, the number of times administrators modified site permissions and the number of times users requested to be added as site collection administrators to a site collection. Using this section, administrators can easily identify the type of administration activity was performed by the users frequently.
    • A series of bar graphs appearing below the Summary section (see Figure 3) reveals the top 10 administrative users performing operations and the top 10 unique administrative operations that were frequently performed over a period of time. The top 10 client IPs from which the administrators initiated their administrative operations and the top 10 sites on which the administrative operations were performed can also be ascertained with ease.

    • The Top 10 Unique Users by Operations section (see Figure 4) reveals the administrators who performed different administrative operations on SharePoint Online in the chosen time period. For each administrator, the operations performed by that admin, the number of times the operations were performed, and the client from which that operation was initialized are revealed. This may reveal if two/more administrators made conflicting changes. This will also reveal performance - or UX-impacting changes that were made and the administrator who made them. Changes made with malicious intent may also surface in the process.

      Figure 4 : The Top 10 Unique Users by Operations section in the generated report

    • The Top 10 Unique Destinations by Operations section (see Figure 5) reveals the destination URLs of the administrative operations performed over a period of time. For each URL, the specific operations that resulted in that URL and the number of times the operations were performed are reported.

      Figure 5 : The Top 10 Unique Destinations by Operations section in the generated report

    • The Top 10 Unique User Agent by Operations section (see Figure 6) lists the user-agent strings of browsers used by users for performing the administrative operations over a chosen time period. For each user-agent string, the detailed metrics further reveals the number of operations performed using that browser. This will help administrators to identify the browser that was used most often to perform such operations.

      Figure 6 : The Top 10 Unique User Agent by Operations section in the generated report

    • To know which type of items - i.e., whether a file/folder/web/site/tenant/document library- was the target of the maximum number of administrative operations in the chosen time period, use the Top 10 Affected Item Types by Operations section (see Figure 7). For each item type, this section reveals the specific operations performed on that type and the number of times the operations were performed.

      Figure 7 : The Top 10 Affected Item Types by Operations section in the generated report

    • The Site Administration Operation Details section (see Figure 8) provides the exact count of administrative operations performed for each category in the chosen time period. This will help administrators figure out the administrative activity that was performed more frequently.

      Figure 8 : The Site Administration Operation Details section in the generated report