Support Center Home


Microsoft Office 365 Monitoring

Overview

Microsoft ​​Office 365 is a line of cloud-based software offered by Microsoft as part of the Microsoft Office product line. LogicMonitor offers out-of-the-box monitoring for Office 365. With LogicMonitor’s Office 365 package, you can monitor the state of your Microsoft Office 365 deployment and the underlying services and license usage, allowing you to quickly identify faults and manage performance and license utilization accordingly.

Note: LogicMonitor also offers monitoring for the Microsoft Exchange server. See Microsoft Exchange Monitoring for more information.

Setup Requirements

Add Resource Into Monitoring

Add your Microsoft Office 365 host into monitoring. As cloud-based software, there is no physical resource to add into monitoring so simply create a new resource with “outlook.office.com” as the IP address/DNS name. Be sure to assign a Windows-based Collector or Collector group to the resource. For more information on manually adding resources into monitoring, see Adding Devices.

Create Credentials for Office 365

LogicMonitor must provide the appropriate credentials in order to successfully access Office 365. These credentials must belong to an Office 365 user account with the “Global reader” role assigned. The following roles are required:

  • Reports reader
  • Message Center reader
  • Message Center Privacy reader
  • Tenant admin (required for SharePoint)

For more information on adding users, see Microsoft’s Office 365 documentation.

Once the user account is created, log into Microsoft’s Exchange Admin Center and add the new user to the “View-Only Organization Management” Exchange role.

Additionally, enter the username and password associated with the new account as properties on the Microsoft Office 365 resource you created within LogicMonitor. As discussed in the Assign Properties to Resource section of this support article, the properties that carry these values are office365.user and office365.pass.

Configure PowerShell

LogicMonitor initiates remote PowerShell sessions to retrieve data from Office 365. There are two PowerShell modules that need to be installed on the Windows Collector host (or hosts if you are monitoring using an Auto-Balanced Collector Group or have a backup Collector) that is associated with your Office 365 resource in LogicMonitor:

Ensure that your Collector(s) can run PowerShell scripts by setting the execution policy to RemoteSigned on the Collector host(s):

Set-ExecutionPolicy RemoteSigned

Set Up Microsoft Graph API

LogicMonitor uses the reports API in Microsoft Graph to collect Office 365 usage data. For more information on Microsoft Graph, see Microsoft Graph documentation.

Follow these steps to register and authorize a new application to call the reports API:

  1. Log into the Azure portal using an administrator account.
  2. Navigate to Enterprise Applications under Azure Active Directory. Click + New Application.
  3. From the Add an application dialog, select “Application you’re developing”.
  4. From the App registrations dialog, click + New registration.
  5. Provide a meaningful name for the application.
  6. Leave all other settings as they are and click Register.
  7. On the Overview page for the new application, locate the following:
    • Application (client) ID. Create a property on the LogicMonitor host named office365.clientid and enter this ID as the property value. (For more information on assigning properties, see the Assign Properties to Resource section of this support article.)
    • Directory (tenant) ID. Create a property on the LogicMonitor host named office365.tenantid and enter this ID as the property value.

      Capturing the clientid and tenantid values

  8. Open the Open the Authentication page for the new application and perform the following steps:
    1. Click + Add a platform to allow access tokens for a web application.

      Authentication page
    2. From the Configure platforms dialog that displays, select “Web”.
    3. On the following Configure Web dialog, enter your LogicMonitor portal URL as the redirect URI.
    4. Check the Access tokens option.
  9. Open the Certificates & secrets page for the new application and perform the following steps:
    1. Click + New client secret and provide a description.
    2. Immediately copy your new client secret value (you will not be able to view it again).
    3. Create a property on the LogicMonitor host named office365.clientsecret.pass and enter the client secret as the property value.
  10. Open the API permissions page for the new application and perform the following steps:
    1. Click + Add a permission.
    2. When the drawer from the right appears, select “Microsoft Graph” and then “Application Permissions”.
    3. Under the Reports heading, check the Reports.Read.All option.
    4. Click Grant admin consent for <domain>.
    5. When finished, two green checkmarks will display confirming that consent has been granted.

Assign Properties to Resource

The following custom properties must be set on the Microsoft Office 365 resource within LogicMonitor. For more information on setting properties, see Resource and Instance Properties.

Important: ​Because this is a cloud resource that relies heavily on the presence of properties for LogicModule association, care should be taken to set this property at the resource level only. Avoid setting these properties at the group or root level to ensure Microsoft Office 365 LogicModules aren’t incorrectly applied to other resources.

Note: If you’ve performed the setup requirements in the previous sections, several of these properties will already be present.

Property Value
office365.clientid The “Application (client) ID” used for Microsoft Graph report retrieval from the reports API. See the Set Up Microsoft Graph API section for details on obtaining this ID.
office365.clientsecret.pass The client secret used for Microsoft Graph report retrieval from the reports API. See the Set Up Microsoft Graph API section for details on obtaining this secret.
office365.tenantid The “Directory (tenant) ID” used for Microsoft Graph report retrieval from the reports API. See the Set Up Microsoft Graph API section for details on obtaining this ID.
office365.tenantname The tenant name used for Microsoft Graph report retrieval from the reports API (example: <customer name>.onmicrosoft.com)

If you need assistance determining your tenant name, we recommend reviewing one of the numerous external articles available on this topic, such as this one from a Microsoft Gold Certified Partner.
office365.user Username for the Office 365 admin account used to access Office 365 data (example: [email protected]<customer name>.onmicrosoft.com). See the Create Credentials for Office 365 section for details on creating this account.

Note: For SharePoint monitoring, the user account must be a SharePoint tenant administrator.
office365.pass Password for the Office 365 admin account used to access Office 365 data. See the Create Credentials for Office 365 section for details on creating this account.
office365.spoadminsite The customer name portion of the URL of the SharePoint admin center. For example, if the SharePoint URL is “westbeachservices-admin.sharepoint.com”, the value of this property would be “westbeachservices”.

Import LogicModules

From the LogicMonitor repository, import all Microsoft Office 365 LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent version.

Once the LogicModules are imported (assuming all previous setup requirements have been met), the PropertySources will automatically detect the host and assign the appropriate values to the system.categories property. This, in turn, will automatically associate the DataSources (and ConfigSources if supported by your LogicMonitor account) and data monitoring will begin.

Troubleshooting

A few customers have encountered scenarios where DataSources fail if data is behind a proxy. Although we have not been able to definitively verify proxies to be an issue in all cases, we are mentioning it as a possibility to help aid in troubleshooting if proxies are potentially a factor in your environment.

LogicModules in Package

LogicMonitor’s package for Microsoft Office 365 consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.

Note: This package includes ConfigSources (configuration file monitoring LogicModules). If the ability to monitor and alert on configuration files is not currently available in your LogicMonitor platform and you would like to learn more, reach out to your customer success manager. For more information on ConfigSources, see Creating ConfigSources.

Display Name Type Description
addCategory_Office365 PropertySource Identifies if the Office 365 host is configured for Office365 monitoring and, if it is, adds the value of “Office365” to the system.categories property.
addCategory_Office365Reports PropertySource Identifies if the Office 365 host is configured properly to retrieve Graph reports and, if it is, adds the value of “Office365Reports” to the system.categories property.
Microsoft Teams: Device Usage DataSource Monitors the last seven days of Microsoft Teams device usage by number of users.
Microsoft Teams: User Activity DataSource Monitors the last seven days of Microsoft Teams activity.
Office 365 Account Licenses DataSource Monitors Office 365 license usage.
OneDrive: File Counts DataSource Monitors OneDrive total and active files, as well as the time since the report was last updated.
OneDrive: Storage Used DataSource Monitors OneDrive total storage used.
Outlook: Email Activity DataSource Monitors Outlook total and rate counts for read, received and sent emails.
Services: User Activity DataSource Monitors individual Office365 services and their associated user activity.
SharePoint Online: Site Status DataSource Monitors the overall status of the SharePoint site.
SharePoint Online: Site Usage DataSource Monitors SharePoint site usage metrics such as page views, file count, file usage, storage, etc.
Yammer: Device Usage DataSource Monitors Yammer usage by device type.
SharePoint Online: Tenant Config ConfigSource Captures SharePoint Online organization-level tenant config.
Exchange Online: Groups ConfigSource Monitors the config group objects. Returns security groups, mail-enabled security groups, distribution groups, and role groups.
Exchange Online: Mailboxes ConfigSource Monitors the Exchange mailbox configs.
Exchange Online: Management Roles ConfigSource Monitors the Exchange management role objects in your organization.
Exchange Online: Mobile Device Mailbox Policy ConfigSource Monitors Exchange mobile device mailbox policy config.
Exchange Online: Mobile Devices ConfigSource Monitors Exchange mobile device config for identification, configuration, and status information for each mobile device.
Exchange Online: Organization ConfigSource Monitors Exchange organization config.
Exchange Online: OWA Mailbox Policy ConfigSource Monitors Exchange Outlook on the web mailbox policies in the organization.
Exchange Online: Transport Config ConfigSource Monitors Exchange organization-wide transport configuration settings.

When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, LogicMonitor follows the technology owner’s best practice KPI recommendations. If necessary, we encourage you to adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.

Example Use Cases

Next, we’ve highlighted a sample dashboard and some sample monitoring scenarios that could be accomplished with the Office 365 LogicModule package.

Microsoft Office 365 Dashboard

Granular Monitoring of SharePoint

The SharePoint DataSources will monitor multiple SharePoint site instances usage, traffic, storage, and file count, providing granular flexibility when monitoring SharePoint. With the information gleaned, you can decide whether to delete or combine sites that don’t get a lot of traffic but use up a considerable amount of storage.

Service Availability Monitoring

Track the availability of certain services including Exchange sign in, voice mail, email, calendar, Microsoft portal, and billing page. Along with service availability monitoring, the Office365_Reports_ServicesUserActivity DataSource provides the total number of users that are utilizing the applications. The pairing of this information can be useful when prioritizing issues.

License Consumption

The Office365_Account_License DataSource alerts users when licenses are about to expire and also counts the surplus licenses available at any given time. When combined with our forecasting feature, this DataSource can help license capacity planning by indicating when it’s time to increase your license allocation. In the same spirit, the OneDrive DataSources, which track file counts and storage usage, can also provide essential capacity planning information.

User Activity

Using user activity historical data collected across multiple services, such as call volume, meeting attendance, message counts, and so on, you can look into repurposing the licenses of the least active users if you are running low on licenses, or you might find that some licensed users are not in the organization anymore.

There is also device usage breakdown, allowing you to track which devices (Windows, Macs, iPhones, Androids) are most popular within your organization. This data can be useful when testing internal applications to prioritize testing on those operating systems that are most heavily used within the organization.

Monitoring Exchange Configurations

With the slew of Exchange ConfigSources, you can closely monitor all Exchange activity happening in your environment, from the addition of new users to changes made to Exchange organization config files. This insight can alert you to any suspicious activity.

In This Article