Microsoft Office 365 Monitoring

LogicMonitor offers out-of-the-box monitoring for Microsoft 365. With LogicMonitor’s Microsoft 365 packages, you can monitor the state of your Microsoft 365 deployment and the underlying services and license usage that allows you to identify faults and manage performance.

Note: LogicMonitor also offers monitoring for the Microsoft Exchange server. For more information, see Microsoft Exchange Monitoring.

Requirements

  • Application (Client) ID, Directory (tenant ID), and client Secret Key value for a registered application in Microsoft Azure.

You may want to create a New App registration in the Azure portal before you start so that you have these IDs and Secret Key available for setting up permissions. For more information, follow the steps for Setting Up LogicMonitor Account in Microsoft 365.

Importing the LogicModules must be done before setting up Microsoft 365 for LogicMonitor to create a dashboard for the monitored resources.

Import LogicModules

From the LogicMonitor repository, import all Microsoft 365 LogicModules, which are listed in the LogicModules in the Package section of this support article. If these LogicModules are already present, ensure you have the most recent version.

Once the LogicModules are imported (assuming all previous setup requirements have been met), the PropertySources will automatically detect the host and assign the appropriate values to the system.categories property. These settings will also automatically associate the DataSources (and ConfigSources if supported by your LogicMonitor account) and data monitoring will begin.

LogicModules in Package

LogicMonitor’s package for Microsoft 365 consists of the following LogicModules. For full coverage, ensure that all of these LogicModules are imported into your LogicMonitor platform.

Display NameTypeDescription
Microsoft_Office365_SubscriptionsDataSourceMonitors Mircosoft 365 subscriptions.
Microsoft_Office365_ServiceHealthDataSourceMonitors the Office 365 service health.
Microsoft_Office365_Teams_Device_UsageDataSourceMonitors the last seven days of Microsoft Teams device usage by the number of users.
Microsoft_Office365_Teams_ActivityDataSourceMonitors the last seven days of Microsoft Teams activity.
Microsoft_Office365_OneDriveFileCountDataSourceMonitors OneDrive total and active files, as well as the time since the report was last updated.
Microsoft_Office365_OneDriveAccountsDataSourceMonitors the number of Active and Total accounts on OneDrive.
Microsoft_Office365_OneDriveStorageDataSourceMonitors OneDrive total storage used.
Microsoft_Office365_EmailActivityDataSourceMonitors Outlook total and rate counts for read, received, and sent emails.
Microsoft_Office365_EmailAppUsageDataSourceMonitors usage by application or Office version.
Microsoft_Office365_UserCountDataSourceMonitors individual Office365 services and their associated user activity.
Microsoft_Office365_SharepointSiteDetailsDataSourceMonitors the overall status of the SharePoint site. For more information, see Granular Monitoring of SharePoint.
Microsoft_Office365_SharepointStorageDataSourceMonitors SharePoint site storage.
Microsoft_Office365_Skype_DeviceUsageDataSourceMonitors Skype usage by device type.
Microsoft_Office365_Skype_PeerActivityMinutesDataSourceMonitors Microsoft 365 Skype for Business user activity by minutes for video and audio.
Microsoft_Office365_Skype_PeerActivityDataSourceDisplays Skype for business peer-to-peer activity counts.
Microsoft_Office365_MailboxQuotaStatusDataSourceMonitors the number of Mailboxes in different quota states.
Microsoft_Office365_MailboxUsageDetailDataSourceFetches details about mailbox usage.
Microsoft_Office365_Yammer_Device_UsageDataSourceMonitors Yammer usage by device type.


Setting Up LogicMonitor Account in Microsoft 365

Follow these steps to register and authorize a new application to call the reports API:

1. Log into the Azure portal using an administrator account.

2. From the Azure Services menu, click Azure Active Directory and click Add.

Note: Tenant ID is displayed on the Active Directory home screen. The Tenant ID will be required while adding the Azure account in LogicMonitor.

3. Navigate to Home > Organizational  account > Manage > App registrations and click +New registration.

4. On the Register, an application page, enter the following details:

  • Name: Enter a display name for the application. This name will be used throughout your Azure portal and does not have any specific requirements.
  • Supported account types: Select the Accounts in this organizational directory only option.
  • Redirect URI: This setting is optional and can be left unspecified. Enter the name for the application.

5. Click Register.

6. On the Registration page, you can see the Application (client) ID and Directory (tenant) ID.

Note: You will require these details for the LogicMonitor portal.

7. On the left navigation pane, click API permissions.

8. Click +Add permission.

9. On the Request API permission panel, click Microsoft Graph to configure Microsoft APIs.

10. Click Application permissions.

11. Add the following permissions to gather properties for collection.

PermissionsDescription
User.ReadAllows you to sign in to the app with your organizational account and let the app read your profile. Also, allows the app to read basic company information.
Reports.Read.AllAllows the app to read all service usage reports without a signed-in user. Services that provide usage reports include 365 and Azure Active Directory.
Organization.Read.All Allows the app to read the organization and related resources, without a signed-in user. Related resources include subscribed SKUs and tenant branding information.
Directory.Read.AllAllows the app to read data in your organization’s directory, such as users, groups, and apps, without a signed-in user.

ServiceHealth.Read.All
Allows the app to read service health of your organizational account.

12. Click Add permissions.

13. On the left navigation pane, click Certificates & secrets.

14. Add +New client secret.

15. On the Add a client secret pane, add information in the Description and the Expires fields.

16. Click Add.

Note: Ensure to copy or make a note of the Client Secret Key value. You will require to enter the value in the LogicMonitor value.

Setting up Microsoft 365 Account for Monitoring

Add your Microsoft 365 account into LogicMonitor from Exchange > Cloud Integrations.

Note: If you do not have access to Cloud Integrations, you can manually add your Microsoft 365 host into monitoring by creating a new resource with “outlook.office.com” as the IP address or DNS name. Be sure to assign a Windows-based Collector or Collector group to the resource. For more information on manually adding resources into monitoring, see Adding Devices.

For adding Microsoft 365 account, complete the following steps:

1. Log into the LogicMonitor Portal.

2. On the left navigation pane, click Exchange.

3. Click Cloud Integrations.

4. Select Office 365 and click Add.

5. On the Name page, enter the following details:

  • Name: (Required) Enter a name for the Office 365 account.
  • Description: Provide a description for this Office 365 account.
  • Parent Group: (Required) Assign the Office 365 account to a parent group. By default, it will be assigned to the root group of the portal.
  • Properties: Define properties and values.

6. On the Permissions page, enter the following details:

Note: You can find this information in your Microsoft Azure portal, on the registration page for your app. For more information, follow the steps for Setting UP Microsoft Graph API.

  • Tenant ID: (Required) The Directory ID for your registered application.
  • Client ID: (Required) The Application ID for your registered application.
  • Secret Key: (Required) The application password.

7. After you click Add Service, you should be able to view resources and dashboards from your Office 365 application.

Example Use Cases

Next, we’ve highlighted a sample dashboard and some sample monitoring scenarios that could be accomplished with the Office 365 LogicModule package.


Granular Monitoring of SharePoint

The SharePoint DataSources monitors multiple SharePoint site instance usage, traffic, storage, and file count, providing granular flexibility when monitoring SharePoint. With this information, you can decide whether to delete or combine sites that don’t get a lot of traffic but use up a considerable amount of storage.

On September 1, 2021 Microsoft removed identifiable user information such as usernames, groups, and sites from all their SharePoint usage reports. For more information, see Show user details in the reports.

If you want LogicMonitor to monitor SharePoint Site Usage Details, which uses that information for instance naming, you’ll need to make these configuration changes to your Microsoft 365 settings to display the user information:

  1. As a Global Administrator, in the admin center, go to Settings > Org Settings > Services.
  2. Select Reports.
  3. Uncheck the statement In all reports, display de-indentified names for users, groups, and sites.
  4. Save your changes.


Service Availability Monitoring

Track the availability of certain services including Exchange sign-in, voice mail, email, calendar, Microsoft portal, and billing page. Along with service availability monitoring, the Office365_Reports_ServicesUserActivity DataSource provides the total number of users that are utilizing the applications. The pairing of this information can be useful when prioritizing issues.

User Activity

Using user activity historical data collected across multiple services, such as call volume, meeting attendance, message counts, and so on, you can look into repurposing the licenses of the least active users if you are running low on licenses, or you might find that some licensed users are not in the organization anymore.

There is also a device usage breakdown that allows you to track which devices (Windows, Macs, iPhones, Androids) are most popular within your organization. This data can be useful when testing internal applications to prioritize testing on those operating systems that are most heavily used within the organization.

In This Article