Getting Started with

Office 365 User Assessment Security Report and Office 365 License Usage and Optimization Assessment.

Having Issues? Contact us.

Overview

This guide helps you get started with Voleer, starting with creating a Voleer account to setting up necessary permissions within your Office 365 tenant and running your first Voleer report.

Create an Account

Creating a Voleer account couldn’t be easier! Simply:

  1. Navigate to www.voleer.com

  2. Click the Get Started button

  3. Fill out the form, check the terms of service box

  4. Click Sign Up for Free

  5. Confirm your email by typing in the 6-digit code that was emailed to you.

Workspaces & Templates

Voleer is divided up into two areas: Templates and Workspaces.

Templates are the actual automations. Some templates store information such as credentials so that they can be used by other templates. In this getting started guide, we’ll use stored credentials to run other templates that will collect information from many different data sources and bring them together in a more consumable fashion. In the case of the two we’ve chosen for this guide, the output will be an emailed, password-protected, Excel report.

To help divide our work, Voleer allows us to create Workspaces. When managing the IT for multiple customers, it is often advantageous to have a Workspace for each customer. Each workspace holds its own separate credential/variable stores and records of all templates run for that workspace. If you’re only managing one organization, you may find that a single workspace works well or you may create separate Workspaces for each department, state, country or any other boundary that makes sense for your organization.

For this guide, we encourage you to create a demo Workspace to contain your work:

  1. Sign into Voleer

  2. On the left side, click on Workspaces

  3. Click the New Workspace button

  4. In the form, type Demo in the new workspace text-box, then click on Save.

  5. On the left side, click on Workspaces again.

  6. Refresh your browser until the Demo workspace is visible. It may take a few minutes for the new workspace to initialize.

Storing Credentials

To help simplify running templates, Voleer allows you to save credentials in a secure manner in your workspace. Depending on what template you are running, different environments, platforms, or operations may require different sets of credentials to accomplish the tasks that make up that template.

Credentials are referenced using a label that you specify when saving the credentials. For example, when running a billing report in Azure, while you could use a Global Administrator account, a more secure

approach would be using an account with the Billing Reader role assigned and you may choose to give it the name AzBillRead. Later when you run a template that requires that account, you’ll only need to enter AzBillRead instead of the username and password.

In this guide, we’ll use two different authentication methods to demonstrate the flexibility of Voleer. The Office 365 User Account Security Assessment will use the familiar username/password credential. The Office 365 License Usage and Optimization Assessment will leverage an Azure AD Application Registration ClientID and shared-secret to interact with the Microsoft Graph API. In each section, we’ll cover the pre-requisites step-by-step, so your account and app registration are properly licensed and permission.

The Office 365 User Account Security Assessment

The Office 365 User Account Security Assessment provides information on all user and service accounts within your Office 365 tenant. The dashboard report provides high level such as

  • The number of account breaches from haveibeenpwned.com

  • The number of accounts with MFA and password expiry enabled

  • The countries where there have been successful and failed logins

Pre-Requisites

Accounts

ToDo.png

To successfully run the Office 365 User Account Security Assessment, you will need an account with the Global Administrator role assigned to access the data and an account with a provisioned Exchange Online mailbox to allow the template to email the report. To simplify our example, we will assume that you will use a single account that meets both requirements. If you need to use separate accounts, simply save two sets of Office 365 credentials with different credential names and enter each in the proper input form field.

To store the credentials:

  1. On the left-hand side, click Public Library

  2. Click on the Save Azure AD Credentials template and read the overview.

  3. Click Use Template, select the Demo workspace, and then click Confirm.

  4. In the input form, choose a name for the credentials and enter the account information. For our example, we’ll use Office365Demo as the credential name.

  5. Leave the validation options set to No.

  6. Click Submit.

  7. To view the progress of this template, click on Activity Log.

Configurations (Optional)

To gain the most insight from the security assessment, you’ll need to enable the Office 365 Audit Log Search functionality. This will allow the template to include login success and failure information, including the IP address the login was attempted from, handy for identifying anomalous behavior. To enable this feature:

  1. Sign into the Security & Compliance Center with your Office 365 Admin account.

  2. Select Search & Investigation, and then select Audit log search.

  3. Select Start recording user and admin activity. If you don't see this link, auditing has already been turned on for your organization. A message alerts you that the audit log is being prepared.

Running Templates

Input2.png
  1. Click Public Library on the navigation pane

  2. Click on the Perform Office 365 User Account Security Assessment template.

  3. Read the information provided, then click Use Template, select the workspace Demo and click Confirm.

  4. Enter the credential name(s) you saved earlier in the proper fields, a destination email for the report to be sent to, and a password to protect the contents of the report.

  5. Click on the Submit button.

  6. The progress of the template can be monitored by clicking Workspaces in the navigation pane, selecting the Demo workspace and then selecting the Office 365 User Account Security Assessment entry in the Instances box.

Note

The time required to complete the Office 365 User Account Security Assessment template will depend greatly on the size of the environment it is run on. Large environments may take over an hour. Once the template is complete, you will receive an email at the address you entered in the input form containing the report as a password protected zip file.

Within the report, updating the yellow field allows you to view data from a specific range, i.e. Days since last login.

Report.png

The Office 365 License Usage and Optimization Assessment

The Office 365 License Usage and Optimization Assessment provides information on licenses tied to your user and service accounts within your Office 365 tenant. The dashboard report enables you to view data based on

  • What licenses have been assigned for a job title and what job titles have been assigned a license

  • The different license combinations for a job title and what job titles have been assigned license combinations

Within the Master sheet, you can deep dive into individual accounts to identify if there are features such as OneDrive, SharePoint and Teams etc. not being used potentially allowing you to downgrade licenses.

Pre-Requisites

App Registration

To successfully run the Office 365 License Usage and Optimization Assessment, you will first need to create an App Registration in the Azure Portal:

  1. Log into the Microsoft 365 admin center with your administrative credentials.

  2. On the left side, click See More…

  3. Click Azure Active Directory

  4. When the Azure Portal loads, click Azure Active Directory on the left-hand side.

  5. In the Azure Active Directory blade, along the left side, click App registrations.

  6. Click New Registration

  7. When the Register an application pane appears, enter Voleer Demo in the Name field and leave the rest of the form at its defaults.

  8. Click Register.

  9. Once the registration is created, on the Overview pane, copy the Application (client) ID value and paste it into Notepad. If you mouse over the value, an icon will appear which you can click to copy the value to your clipboard.

  10. Click Certificates & secrets

  11. Click New client secret

  12. Enter a description such as Voleer Demo Secret, leave the expiration at the default of 1 year.

  13. Click Add

  14. Click the copy icon next to the new secret value and paste it to your Notepad window. Once you navigate away from this page, the secret value cannot be retrieved, so if you lose it, you will need to create a new secret value and remove the old value.

  15. Click API Permissions

  16. Click Add a permission

  17. Click Microsoft Graph

  18. Click Application permissions

  19. Expand Reports and check the Reports.Read.All checkbox

  20. Click Add permission at the bottom

  21. Click Grant admin consent for [YOUR TENANT NAME]

  22. Click Yes.

Phew! Once you are done with this guide, remember to delete the app registration. Simply:

  1. Repeat steps 1-5 from above.

  2. Click All Applications

  3. Click Voleer Demo (search if necessary)

  4. Click Delete

  5. Click Yes

To store credentials:

ToDo.png
  1. Log into Voleer

  2. On the left-hand side, click Public Library

  3. Click on the Save Azure AD Application Credentials template and read the overview.

  4. Click Use Template, select the Demo workspace, and then click Confirm.

  5. In the input form, choose a name for the credentials and enter the ClientID and secret. For our example, we’ll use MicrosoftGraphDemo as the credential name.

  6. Click Submit.

  7. To view the progress of this template, click on Activity Log

Running Templates

Input2.png
  1. Click Public Library on the navigation pane

  2. Click on the Perform Office 365 License Usage and Optimization Assessment template.

  3. Read the information provided, then click Use Template, select the workspace Demo and click Confirm.

  4. Enter the credential names you saved earlier in the proper fields. In our case, we’ll use Office365Demo for the Admin and Email credentials and MicrosoftGraphDemo for the Graph credentials.

  5. Enter a destination email for the report to be sent to, and a password to protect the contents of the report.

  6. Click on the Submit button.

  7. The progress of the template can be monitored by clicking Workspaces in the navigation pane, selecting the Demo workspace and then selecting the Office 365 License Usage and Optimization Assessment entry in the Instances box.

Note

The time required to complete the Office 365 License Usage and Optimization Assessment template will depend greatly on the size of the environment it is run on. Large environments may take over an hour. Once the template is complete, you will receive an email at the address you entered in the input form containing the report as a password protected zip file.

When using the reports, click on the cells next to the titles to view the available dropdown options for the graph

Report2.png

FAQ

  1. Do I need to use a Global Administrator account to run this report?
    There are most certainly lower level permissions you can grant to your service account to run these reports, however, given the breadth of the report across Office 365 and Azure, it may to easier to use the Global Administrator account. Note that the credentials you do provide on our system is encrypted at rest using Microsoft Azure Storage technology so that you can be assured that your credentials are safe. If you are concerned about providing Global Administrator access to the service account, you can also provide this permission on an ad-hoc basis to the service account when generating the report.

  2. Does my Global Administrator account require a mailbox license? 

    Your Global Administrator account does not require a mailbox license to use the templates in Voleer. You can save off another set of Office 365 credentials (i.e. an account that does have a mailbox license associated with it) and use that when running the template.

  3. I’ve forgotten the name I’ve given to my Office 365 Global Admin account in Voleer. What do I do?

    If you have forgotten the name you have given to your Office 365 Global Admin account in Voleer, you can use the template Save Office 365 Credentials and create another set of credentials. We will be implementing features to manage credentials with Voleer shortly.

  4. I’ve followed the instructions you have provided within this document, but I am not able to successfully generate a report. Can you please help me?

    We are more than glad to assist. For us to be able to provide effective support, please provide the following information

    1.     Your Voleer account name (i.e. the URL)

    2.     The Name of the Instance that failed, including the date, time and your time-zone