Changelog

Click here if you like to subscribe the ChangeLog as an RSS feed.

Delegate365-Working with Audit Logs

Monday, June 26, 2017

Delegate365 protocols all modifications of users, licenses and groups within the solution. This is essential to comprehend actions accomplished by Delegate365 administrators or by automated tasks. See how to work with that audited data here.

So, all actions are logged to the Delegate365 Audit Log. In the current versions, the audit logs are saved to an Azure Storage Account. There are three ways of working with the audit data:

  1. See audit data within Delegate365
  2. Access the data directly with Microsoft Storage Explorer
  3. Connect to the data with tools as Microsoft Excel or Power BI

All methods are available for Portal Admins in the administration / audit menu and are described here.

Important: The audit logs can grow very fast since all actions of all administrators and of the sync operations are logged. Depending on the number of objects that were changed, there can be a log of ten thousands of lines at each sync. Delegate365 provides various methods for accessing that data and for handling large amounts of data.

1. Seeing audit data within Delegate365

The auditing menu shows the latest audit data for quick lookups. This list can be filtered by Date range and by a simple search expression, like a AdminName or OU column. Depending on the changed being made, the Details column shows all changed properties or assignments. Auditing currently shows the last data up to 6 months (depending on the size of the log and the Office 365 tenant, so this can vary in your environment).

image

Since the data is logged in a variable data format, the admin can navigate through the details by opening the tree objects as shown here. For example, this user has been changed by the SyncOp automatically and some licenses have been added, so that there are now 27 active plans assigned .

image

This list can be browsed with the Previous and Next buttons at the end of each page.

Important: If the auditing log gets too extensive no data will be shown (the auditing list stays empty then). This happened at some Delegate365 tenants in the past. We are currently developing a workaround for that scenario in future. With the next update, the log will be divided into smaller parts per day to enable access in the Auditing module in all scenarios. This will be described here soon. If this happens in your tenant now, pls. follow the alternative steps as described below.

2. Working with the Microsoft Storage Explorer

The second method to work with audit data is to access it directly from the Delegate365 storage. Here, the amount of data is better to handle and the audit data can be exported for further use, for example for custom reporting.

  • Open the administration / audit / reporting menu and follow the steps below.
    image
  • Now it depends, how you want to use the Delegate365 audit logs: You can download the data with a tool like Microsoft Storage Explorer, or you can access the data directly with Excel, Power BI or other tools.
  • If you want to access the data directly on your computer, you need to install the cost free tool Microsoft Storage Explorer from storageexplorer.com once. This allows you connect to the Delegate365 storage in a similar way as the Windows Explorer.
  • Download and install StorageExplorer.exe on your computer.
    image
  • After starting, select “Use a storage account name and key” to connect and click Next.
    image
  • Now we need to enter the Account name and Account key. Leave the other settings as defaults (and as shown here).
    image
  • Switch to Delegate365 and get the access keys from there by clicking the Get account button.
    image
  • Copy both keys (Account name and Account key) into the Microsoft Storage Explorer form and click Next.
    image
  • Confirm by clicking Connect.
    image
  • Now you should be connected to the Delegate365 storage account. Navigate to your storage account name (d365demo5 in this sample) / Tables / AuditLogSearch. In here you can access all the log data.
    image
  • Info: Edit shows one row in a better readable format.
    image
    The changes itself are stored in JSON format in the Value column which can look as here. To split these values, we recommend to use Microsoft Excel or Power BI (see the below).
    Sample data:
    {  "Fields": [    {      "FieldName": "Id",      "CurrentValue": "0",      "OldValueIfAny": ""    },
        {      "FieldName": "Identity",      "CurrentValue": "projecta",      "OldValueIfAny": ""    },
        {      "FieldName": "Name",      "CurrentValue": "projecta",      "OldValueIfAny": ""    },
        {      "FieldName": "DisplayName",      "CurrentValue": "Project A",      "OldValueIfAny": ""    },
        {      "FieldName": "Alias",      "CurrentValue": "projecta",      "OldValueIfAny": ""    },
        {      "FieldName": "Guid",      "CurrentValue": "4c317d67-fac5-4896-b4a0-fc005be01fb9",      "OldValueIfAny": ""    },
        {      "FieldName": "Synced",      "CurrentValue": "4/20/2017 5:19:52 PM",      "OldValueIfAny": ""    },
        {      "FieldName": "PrimarySmtpAddress",      "CurrentValue": "projecta@CIE4851707.onmicrosoft.com",      "OldValueIfAny": ""    },
        {      "FieldName": "DirSyncEnabled",      "CurrentValue": "False",      "OldValueIfAny": ""    },
        {      "FieldName": "ExternalDirectoryObjectId",      "CurrentValue": "0e4fb799-c968-4561-b92d-1637692bcb43",      "OldValueIfAny": ""    }  ],
      "UserMembershipChanges": {    "DistributionGroupAdded": "",    "DistributionGroupRemoved": "",    "SecurityGroupsAdded": [],
        "SecurityGroupsRemoved": [],    "SharedMailboxAdded": "",    "SharedMailboxRemoved": ""  },  "Licenses": [],  "MembersAdded": [],  "MembersRemoved": [] }
  • You can query the result for filtering, as for example to see all objects, the user admin@….onmicrosoft.com has changed, combined with further filter expressions. If you need recurring queries, a query can be saved as .stgquery file and reused later. The Storage Explorer is a powerful tool.
    image
  • The (filtered) data can be exported easily and reopened, for example with Microsoft Excel for further usage.
    SNAGHTML6472cc4
  • Storage Explorer can manage multiple connections. You also can add another connection anytime with the Connect Icon. Then, simply follow the wizard as shown above to connect to other data sources within the Azure Storage.
    image

Microsoft Storage Explorer is a powerful tool for exporting or querying Delegate365 audit data.

3. Using Power-BI

The third approach is to use Delegate365 audit logs directly from the storage with Microsoft Power BI.

  • Open powerbi.microsoft.com/desktop/ and install the Desktop client PBIDesktop_x64.msi on your computer.
    image
    (It is not necessary to use the client version. You can also access and work with the data in the online client directly in a browser at https://app.powerbi.com/, but the desktop client usually provides more features and more convenience.)
  • Start Power BI Desktop and sign in (you need to have an Office 365 Power BI license).
  • In Delegate365, open the administration / audit / reporting menu and follow the steps below.
    image
  • Download the Delegate365 Power-BI file by clicking the “Get Power-BI file” button.
  • Unzip Delegate365-Dashboard.zip. That extracts Delegate365-Dashboard.pbix.
  • Change to Power BI Desktop and open Delegate365-Dashboard.pbix. This should look as follows:
    image
  • In the ribbon, click Edit Queries and Data source settings.
    image
  • In the data source settings, click the “Change source” button.
  • You need to get the access Delegate365 storage account settings as described in (2). Now copy the Azure account name (in our sample “d365demo5”) into the Account name or URL field. Confirm with “Ok”.
    image
  • If asked, confirm the message “There are pending changes in your queries that haven’t been applied.”. Click the “Apply changes” button.
  • Then, Power BI Desktop will ask you for the Account key. Paste the account key (in our sample “bO/GmPYD00ci+….”) from the Delegate365 settings into that field and click “Connect”.
    image
  • Now data should be transferred from the Delegate365 storage to the Power BI client. Depending on the log size, this can take some seconds or longer…
    image
  • That’s it. The dashboard will be populated with the (Pivot) queries of the AuditLogSearch table.
    image
  • In the Delegate365 Power BI data source, all (possible) data is already transformed from JSON to extra data fields. This allows to easily access all kind of data in the dashboard editor. The following screenshot shows the applied steps for the data source to extract all data from JSON format to fields.
    image
  • To refresh the dashboard, click the Refresh button in the ribbon any time (and wait for the latest data that will be visualized then instantly).
    image
  • Feel free to modify your dashboards with the data provided by Delegate365 Audit Logs (and don’t forget to save your dashboard with the current data).
  • Power BI provides a quick and cool toolset to get the data you are interested in.

Summary

All actions executed in Delegate365 are logged, whether it’s a manual action or an automated process. Portal Administrators get access to all the audit data of Delegate365. There are several ways to get all audit data easily for further usage in other tools. Opening the Delegate365 data storage is based on Microsoft standards and supports further scenarios and custom development.

We hope you like the (new) way of working with data out of Delegate365 and we appreciate your feedback.




Delegate365 changelog version 6.4-automate additional licenses assignments

Monday, May 8, 2017

In Delegate365 version 6.2 update we added an important feature to save Delegate365 licenses. With this Delegate365 version, there comes a new, powerful feature for more Office 365 automation.

The new version number is 6.4. No worries, you have not missed version 6.3, since this was an internal version for adding the new user license assignment feature, testing and fixes. Delegate365 version 6.4 will be rolled out in the next two weeks. So, what does this update do?

  • Why additional license assignments: In Delegate365, all manageable objects as users and groups are assigned to an Organizational Unit (OU). This can be combined with automatic license assignments which is available since about two years (see the basic functionality here). Recently, we got requests to add additional features for automatic Office 365 license assignments from some of our customers.
    Most of the Delegate365 customers are adding the desired OU name to a specific user attribute to ensure that new users or user changes are automatically assigned to the corresponding OU in Delegate365 through the SyncOp. As mentioned above, this can be combined with assigning an additional Office 365 license coming with the OU assignment which is a very common scenario. Sometimes, additional Office 365 licenses shall be added automatically. Now there comes an additional feature in the Sync options to add Office 365 licenses to users based on custom values as follows.
  • How to set additional license assignments automatically: In administration / sync / sync options there’s a new region named User license assignment. This works as the other available options and can be set to Yes or No with the Use license sync options switch. Below that, multiple conditions can be added as follows.
    image
    By default, the Use license sync options are set to No.
    If switched to Yes, the region below becomes active and can be configured. Portal admins can add multiple lines and define conditions to assign a specific condition which could be as follows:
    If “Department” contains the value “E3”, then assign specific plans of the E3 license (or similar).
    As first step, the user property selection is made and the string to compare is added (here: “E3”).
    image
    Then, a click on the Licenses icon opens the license panel on the right. Here, a custom set of licenses can be selected.
    in this sample, the user shall get “Skype” and “SharePoint” plans, if the condition is met.
    image
    The license set must be stored by clicking “Save”. Now the condition (that line) is defined.
    Click the Save button at the bottom to save all Sync options on that page. The configuration is persisted and will be used by the following Sync operations.
  • Matching rules: The Sync options can be used for comparing user properties (as Department, CustomAttributes, etc.) or if the user is member of a security group as well – same as the user sync options for assigning to an OU. The value must be part of the selected property (upper and lowercase and spaces at the start or end are ignored) so the condition always says “contains”. So in this example, the condition works and will be executed, if the user property in department is set to “E1, E3, E5”, or “set license to e3 and e5” or simply “e3”. With that mechanism, administrators can create powerful automations for assigning any license set, defined by any custom value.
  • License selection: The Licenses icon visualizes if there are licenses selected or not. This helps to see at a glance if licenses will be added or not.
    image
  • Remove a license condition: To remove a condition, click the Remove icon “x”. There is no confirmation needed. Th enew configuration is saved by clicking the Save button at the bottom of the page and is valid immediately for the next SyncOps.
  • All sync options are used when the next sync operation runs (automatically or manually). This means, you will see a result – the users matching the defined condition will receive the Office 365 licenses - after the next SyncOp.
  • Additional licenses: To keep in mind: As in all automatic license assignments in Delegate365, Office 365 licenses are always added additionally. So, licenses are never removed from a user with any automatic task.
  • To make it short: The new User license assignment options help to automatically add Office 365 licenses independently of OU-assignments in Delegate365. This only affects users that are assigned to an OU in Delegate365 – to users that are visible in Delegate365.
  • Manage administrators fix: If the display name of an administrator contained round brackets (as “John Doe (Scope administrator)”), the text within the brackets was not saved. This has been fixed.
  • Login process fix: In some rare cases and specific tenant configurations, an error could occur after the login process denying access to Delegate365. We identified that issue which seemed to be a misconfiguration of the Microsoft AAD login methods and workarounded that scenario. So the login process will now react to that situation and deliver a meaningful error message that there’s a false identity used for that Office 365 tenant.

Delegate365 version 6.4 allows to automate custom license requirements. This is a powerful addition for auto license assignments within Delegate365. Now Office 365 licenses can be set by simply adding a user property to any custom value and by defining one or more conditions in the Sync options.

The deployment of the update will start by May 8th and during the following two weeks. Enjoy automating with the new new user license assignment feature!




Delegate365 changelog version 6.2-license and further improvements

Friday, April 7, 2017

Delegate365 version 6.2 comes with some updates and improvements. See the new features described here.

  • License counting update: Delegate365 is licensed per user that shall be managed. There comes just one peculiarity with that: shared mailboxes and resources are delivered from the Office 365 interface as users. This causes that D365 counts such users (but only) if they are assigned to an OU as well although they do not need to have an Office 365 license. So, this can lead to uncertainty, why licensing in D365 can be different from Office 365. Again, this is only the case if the user objects are assigned to an OU in D365. For more information about that topic pls. see Delegate365 license information (Q&A 4 to 6). With the new feature this behavior can be compensated and is obsolete.
    The following graphics shows such a scenario where a shared mailbox “support” is assigned to an OU in D365 (and counts as a D365 user license).
    image
    We wanted to simplify that licensing in D365 to make it equal to Office 365 licensing in that specific case. With this D365 update, there come two new switches “Ignore shared mailbox users” and “Ignore resource users” in the administration / sync / sync options user region.
    image
    By default, these two switches are set to “No”. This means, existing users for shared mailboxes and resources stay in the users list, as it was before.
    If set to ”Yes”, this means that shared mailboxes and resources are ignored as “user” in D365. Such user objects that were existing in the users list will be removed from the users list. (No worries, nothing bad happens, they just no longer show up – and are not counted for D365 user licenses.)
    After the next SyncOp (of course, with “Use user sync options” switch to “Yes”), these user objects will no longer shown in the users list.
    image
    The shared mailbox “support” is gone from the users list.
    Of course, the object is still manageable in the more / shared mailboxes list and can be managed there. The same goes for the resources.
    image
    Our recommendation: Set both new switches to “Yes”. Usually there is no need to manage a shared mailbox or a resource in the same way as a user.
    With “Ignore shared mailbox users” and “Ignore resource users” activated, this saves D365 licenses.
  • D365 license check: See the D365 license status in the menu bar by opening the information (bell) icon.
    image
  • Create new users: The creation of a new user in D365 has been updated. The editing works as before…
    image
    After clicking “Save”, the provisioning starts. Now you can watch the various processes in real time. Now, D365 first checks if the UPN is available in the Office 365 tenant (and various other options) and only completes if all prerequisites are met.
    image
    This new behavior allows admins to immediately see if any issues occur during the user creation process. For example if the UPN was already used somewhere in the Office 365 tenant (as contact, alias or similar), the user creation could not be finished but the admin did not know what caused the problem. This now is transparent to the admin.
  • Resources OU assignment fixed: There was an issue in version 6.1 if resources were automatically assigned to an OU by a property during the SyncOp. The automatic OU assignment of resource did not work. This has been fixed with this version.
  • Automatic service communication check: D365 runs with service accounts that need to be valid for communicating with Azure Active Directory and Exchange Online. If, for any reason, these accounts are no longer valid (for example if the user object has been deleted or a password has been changed or similar), D365 now checks if it can communicate with the Microsoft interfaces. If not, alerts are shown in the menu bar. When opening the alert (triangle) icon, you see the details.
    image
    The same goes for the D365 AAD Service Account that is usually valid for two years. If the validity does not exceed one month in the future, you get an alert as well. The Service account’s expiration date will be shown in that case.
    image
    If you get such a warning and any of these two accounts is expired, D365 will no longer work (for any user).
    Please renew the Office 365 account or rerun the setup as said in the warning, simply follow the links.
  • Manual service communication check: Additionally, you can test the connectivity anytime in administration / configuration / office 365 account settings with “Test credentials”. In case of failure, alerts are shown:
    image
    Again, pls. renew the Exchange account in that case and re-test.

Delegate365 version 6.2 brings improvements and will be deployed to all existing productive tenants starting by 10th April during the following two weeks.




Components of Delegate365

Monday, February 27, 2017

Since the beginning, Delegate365 developed to an extensive cloud solution for Microsoft Office 365. This article delivers a short overview about the components of Delegate365 in the Microsoft Cloud.

The following graphics shows the involved Azure services that are used in D365.

image

Delegate365 is using Platform-as-a-Service components that are maintenance-free. In detail, Delegate365 consists of the following Azure services.

  • Web App – this hosts the Delegeate365 portal website.
  • Jobs – these are tasks that run automatically in the background, currently these are the Synchronization Job, the License Aggregator Job, the Log Sink Job and the Sync Notifications.
  • Cloud Service – handles operations against AAD and Exchange Online.
  • Database – is used for caching objects to deliver a good user experience and for storing OU assignments.
  • Storage – Audit Logs are stored in Azure Table Storage. In former versions the logs were stored as log files. With version 6 this has been changed to Azure Table Storage. This storage can be accessed directly if needed, for example for further use of the logs with Excel or Power BI.
  • Monitoring – anonymized usage data is sent to a central App data pool to get metrics about the usage of pages and functions and monitoring.
  • AAD – this is your Office365 tenant which is bound to the D365 tenant.

When provisioned, every customer gets his own environment which looks as described above. The provisioning process is done with a management tool called “D365 Worker”. This tool runs completely in Azure as well and takes care about automated provisioning of all necessary components and the upgrade process.

Since Delegate365 is provided as Software-as-a-Service, there is no need for customers to install any software or to take care about update process. See the latest Delegate365 features here.

Happy Delegate-ing!




Delegate365 changelog version 6.1-at a glance

Wednesday, February 22, 2017

At the end of last year, Delegate365 version 6 was announced. We added a bunch of features and before updating all tenants, we wanted to improve some functionality. So it took some time to develop and test new features. Now it’s time to update all existing Delegate365 tenants to the latest version 6.1. See the most relevant news at a glance here!

Important: Some customers are already using Delegate365 version 6. All D365 tenants will be upgraded to version 6.1 in the next days. All customers will also receive an email notification about the exact upgrade time. If you have any reservation against the D365 tenant upgrade time please contact us at support@atwork.at.

This article includes all changes of Delegate365 changelog version 6-overview and all new features of version 6.1 (so there is no need to check out older articles). Some new features will be described more detailed in extra articles in the next days.

  • Delegate365 stays as it is. No worries, Delegate365 will not change and you can benefit from improved and new features. The “biggest” change in the UI is the restructured left menu as follows.
  • New menu: The menu has been simplified by using groups. Pls. see the details – where to find what – in this article: Delegate365 changelog version 6-Menu restructuring. To download an Excel sheet with all menus and a comparison between v6 and previous versions, click here.
    image
    We think the new menu is more structured (much smaller) and helps to find related functions quicker.
    image
    Hope you like it!
  • New Audit Logging: Large tenants and many operations can produce large audit logs in Delegate365 since every operation and every sync jobs is protocolled. We wanted to optimize the logging. So, we completely redesigned the logging system in Delegate365. The audit logs (what happened when in D365 by which user) are now stored in the D365 database for up to 90 days for quick access. Additionally, the audit logs are no longer in the file system, but stored in Azure Table Storage. See more details at Delegate365 changelog version 6-Logging.
    The audit logs (from the database) can be filtered in administration / audit / auditing.
    image
    The information is now structured with toggles. You can expand the desired information as here. In this sample, that user has been assigned to E5 plan.
    image
    We think this new visualization helps to find information faster and in a more structured way. In the background, all data is stored as JSON object in the logs which helps for using this data in Power BI later. The D365 module will show the latest audit logs up to 90 days.
  • Export Audit Logs: In administration / audit / reporting the audit logs can be consumed directly and then exported with a tool as Microsoft Azure Storage Explorer. In here Portal Admins can access the key to the D365 Azure storage and download a sample Power BI dashboard file for further use.
    image
    An article about the possibilities and the How-To will follow shortly.
  • Historic Audit Logs: “Old” audit log files (in CSV format) are still accessible in the administration / audit / history module. All audit log data is currently additionally written to these logfiles as well. Our plan is to remove this “old” logging in one of the next versions. We encourage our customers to download existing log files if needed.
    image
    In future versions, this logging and this module will be removed and only the new auditing functions will be available.
  • Power-BI (Beta): The new logging allows the protocolled data to be used in Microsoft Power-BI. Data can be exported and reused directly from the D365 Azure Storage. In return, the reports section in Delegate365 will be removed in one of the next versions. There will be an article showing the steps shortly.
    image
  • New PowerShell (Beta): For Portal Admins, there’s now a scripting module available. This allows to write and execute PowerShell scripts and to load and save them in a small management console. The important part here is, that you can easily define the scope, you want to execute the current script: on Office 365 tenant level, for specific OU’s or for custom objects. To see all details of this module, pls. see the upcoming article about scripting.
    image
    This module is currently just for demo purposes and will be enhanced in the next version, more to come.
  • Assign licenses: The visualization and the “toggle” function (like in the audit logs) are now used in the licenses / assign licenses module as well.
    image
    This enables a much better presentation of the relevant data. There are helpful links for expanding or collapsing all nodes with one click as follows:
    image
    That’s smart and handy, right? Winking smile
  • New Daily License Statistics: This new statistics delivers the daily status of Office 365 licenses used per OU. This historic data can be used for cost centers or other purposes to see the exact license statistics per OU and per day.
    image
    The data can be filtered by date and OU and can be exported with one click as CSV or Excel file.
  • New: Mail flow: Admins can now activate Mail flow tracing in D365 in the new more / mail flow module! This feature can be configured for specific senders and recipients and for a date range for the past 24 hours, 78 hours or 7 days.
    image
    Find more about Mail Flow in Exchange Online here.
  • New Sync Options for Security Groups: Security Groups now can be automatically assigned in administration / sync / sync options by their name (since they do not have any properties to control automatic assignment as other objects in Office 365). A free prefix can be defined to split an OU name and the group name, for example, “New York_HR” would assign that security group to OU “New York”.
    image
    By default, this new switch is turned off. Configure and use this option as desired for your organization. Now you can even auto-assign Security Groups by name.
  • New: Test the service account: One issue that happens easily is that the Office 365 service account expires (or gets disabled or the password must be changed). In such a case, Exchange operations fail in D365. Now D365 checks the validity of that account automatically when starting. Additionally, Portal Admins can now test the saved credentials anytime in administration / configuration / office 365 account with the new “Test credentials” button. This makes sense, if you just changed the account or if operations fail and you want to test the saved service account. Simply click the button!
    image
    D365 tries to access Office 365 with that account and informs about success or failure as shown above.
  • New: Test SMTP settings: In administration / configuration / settings , the Portal Admins can now also test the validity of the saved SMTP settings and use the new “Test your SMTP configuration” setting to send emails to check if this works out of D365.
    image
    Enter a valid email address, click the “Test” button and check the result to see if the stored configuration works.
    image
    This ensures that D365 can send notifications in specific scenarios (for example when license orders are sent). The recipient will get a email message (using the new D365 email template) as here.
    image
  • New: Delegate licensing: The bell icon in the top menu bar shows the number of consumed D365 licenses. D365 changes the color of the licenses are about to end or are used completely (traffic signal colors green, orange, red).
    image
  • New and updated Jobs: In former versions, there was only the SyncOp job running in the background. Now there are more background operations in place, as described in this list:
    Synchronization Job: This job synchronizes all modifications from Office 365 to Delegate365 and runs every 4 hours. The same job can be executed manually anytime in Delegate365.
    License Aggregator Job: This new job runs all 6 hours and protocols the daily status of Office 365 licenses used per OU for further usage.
    Log Sink Job: This job runs all 5 minutes and pulls out messages from the logging queue and persists the data to the Delegate365 database and to Azure Storage.
    Sync Notifications: To optimize the transportation to the notification center, now this job takes care about checking for news all 3 hours and delivers them to the Delegate365 database.
  • Fixes: Syncing of Dynamic Groups could produce an error because the API simply does not deliver the Object ID. We built a workaround for that, this is now fixed.
  • Small changes: We took care of typos, we are using new email templates for notification emails, used better wording in some pages and added some descriptions in various pages.

So, there are a lot of improvements in Delegate365 version 6.1. New features will be described in own articles.

Existing D365 customers will be upgraded until end of February automatically. New Trials will also get this latest version from now on.

We are continuing to improve D365. So, stay tuned for the next versions of Delegate365!




Delegate365 changelog version 6-Menu restructuring

Tuesday, January 17, 2017

With Delegate365 version 6 there comes a slightly restructured menu. See the differences here.

The existing left menu got a little bit disordered, so we reorganized it with groups to make it easier for admins to find related features. Enlarge the following graphics to see all menus and their new position.

The left side (gray) shows the menu of D365 version 5, the right side (green) shows the new menu D365 version 6.

d365-menu-compare

The graphics shows all menus. Now there are up to 3 menu levels instead of 2 and some new menus have been added.

If you prefer the text form, the following table shows the menus. Alternatively you can download an Excel sheet with that comparison here.

Version5

 

 

Version6

   

dashboard

   

dashboard

   

administration

   

administration

   

administrator dashboard

 

sync

 

sync

 

 

sync operations

sync options

 

 

sync options

manage administrators

 

 

scripts*

organizational units

 

manage administrators

 

ou overview

 

organizational units

 

assign

 

 

manage ou's

unassign

 

 

license report*

usage locations

 

 

ou overview

license information

 

 

assign

license quotas

 

 

unassign  

administrator account

 

license management

 

configuration

 

 

license aggregation*

password policy

 

 

license mapping

auditing

 

 

license quotas

deleted users

 

 

usage locations

reports

   

user management

 

management statistics

 

 

password policy

spam & malware

 

 

deleted users

operating systems

 

audit

 

browser usage

 

 

auditing*

mailbox types

 

 

reporting*

mailbox traffic

 

 

history

mailbox usage

 

configuration

 

mailbox stale

 

 

office 365 account

mailbox connections

 

 

settings

mailbox activity

 

reports

   

group activity

 

management statistics

 

users

   

spam & malware

 

assign licenses

   

operating systems

 

license statistics

   

browser usage

 

distribution groups

   

mailbox types

 

dynamic groups

   

mailbox traffic

 

security groups

   

mailbox usage

 

shared mailboxes

   

mailbox stale

 

resources

   

mailbox connections

 

contacts

   

mailbox activity

 

license orders

   

group activity

 

import users

   

users

   

support

   

licenses

   
     

assign licenses

 
     

license statistics

 
     

license orders

 
     

import users

 
     

groups

   
     

security groups

 
     

distribution groups

 
     

dynamic groups

 
     

more

   
     

shared mailboxes

 
     

resources

 
     

contacts

 
     

mail flow*

 
     

support

   

Menus marked with a star (*) are new features which will be described in following articles.

Note: The “reports” menu will be removed in future versions and replaced by the export features for further reporting with tools as Microsoft Power BI. The “audit / reporting” menu already provides this function.

It takes a little bit to get used to the new menu, but we think, the new structure provides a better overview and the grouping makes sense. Hope you like it!




Delegate365 changelog version 6-Logging

Thursday, December 1, 2016

Large tenants and many operations can produce large audit logs in Delegate365 since every operation and every sync jobs is protocolled. To optimize the logging and to offer export and further use of the operations data, the audit logging changes with this version. See the details here.

  • Previous versions: Let’s have a look back into the logging in the past. In the early versions of Delegate365, the logging was done in a database which blew up the database (unnecessarily). So, with version 2, we changed the logging to simple text files in CSV format to make it very easy to work with the protocolled data, for example, in Microsoft Excel. This format is used up to Delegate365 version 5.x.
  • Room for improvement: For the logging in the existing form, we were struggling with three difficulties:
    First, if an admin wants to work with the protocolled data, the logfiles need to be downloaded manually from the Delegate365 portal (as ZIP file including multiple CSV files or as XLSX file with one day in one sheet).
    image
    Secondly, the log shows the changed data in a long text string (separated with comma, as in the sample below).
    image
    One log entry looks as here:
    22,11/29/2016 11:04:53 AM,User,admin@CIE123815.onmicrosoft.com,mollyc@CIE123815.onmicrosoft.com,
    Modified,Seattle,"License: none; Field: City, OldValue: , NewValue: Seattle;
    Field: PhysicalDeliveryOfficeName, OldValue: , NewValue: Seattle; Field: StateOrProvince, OldValue: , NewValue: Washington"

    Thirdly, the web space is limited. So, if large logs are produced, the website cannot store the logfiles forever, but just maybe for a year. We wanted to improve that.
  • New Logging (overview): As explained above, we wanted to optimize the logging. So, we completely redesigned the logging system in Delegate365. The following graphics gives an overview how the logging in version 6 works: The “old” logging still is in place and will be removed in near future. The “new” logging inserts any operation into a queue. An own job reads the new messages of the logging queue and processes the messages. There’s a switch that protocols the message into the Delegate365 database and additionally in an Azure storage.
    image15
    So, from now on, there is “short-term logging” and “long-term logging” (colored green in the the graphics above).
  • Old logging: Until version 5.x, logging is done only into the web storage of the Delegate365 instance. This space is limited (usually about 10GB). This logging is still in place additionally, to make the old logs available for some time. We plan to remove the old logging completely in one of the next versions.
  • Logging in the database: In the database, the log entries will be existing up to 3 months (90 days). The idea is to have the last log data available in the UI very quickly and searchable within the Delegate365 portal. Usually, if any actions concerning specific users need to be found, the admin gets an information from his colleagues within days. So he can look into the last operations – if they happened within the last 90 days - within the portal quickly. The logging system takes care about the cleanup and removes all older entries automatically.
  • Logging in a storage: One goal was to have (more or less) unlimited storage for logs, so that Portal Admins no longer have to take care of downloading logfiles themselves, if the limited space runs out. The second goal was to provide an easy access for Portal Admins to get the logs without the need for manual downloading them from the Delegate365 portal. So we introduced Azure Table Storage into the Delegate365 ecosystem. Every Delegate365 instance gets an own Azure storage for their logs. This happens automatically with the upgrade to version 6.
  • New logging format: Instead of values separated with commas we now use own columns and JSON format. We will post the new format here shortly.
  • Direct Access of Azure storage: Besides the theoretically unlimited space in Azure storage, data in that storage can be accessed directly (if you have permissions). As tool for accessing your Delegate365 logfiles we recommend to download the cost free Microsoft Azure Storage Explorer (see also here).
    This allows Portal Admins to connect to an Azure Storage to query and to download the produced log files. The key will be available in the Delegate365 portal.
  • Support for Power-BI: With the new logging, you can connect directly to the Delegate365 Audit Logs and use the data for your own queries. We will show guidelines or a ready to use dashboard in the next weeks. This was one of our goals to make Power BI available for all operations data.
  • Removing reports: In return, we will remove the reporting section in Delegate365 in one of the next versions. Admins shall benefit from pivoting their Delegate365 logs as needed. We think this is the better approach to work with the data in other systems as Microsoft Excel or Power-BI.
  • How To use logging data and Power-BI: There will be a step-by-step blogpost here shortly showing the procedure of exporting data and using data from Delegate365 with Power-BI.

We are currently still doing the final touches on version 6. This update will take some more days, but we are working intensively on the new version and testing. So, stay tuned, more will follow!




Delegate365 changelog version 6-overview

Thursday, December 1, 2016

As posted in September at Delegate365 announcement about upcoming changes in version 6, we will update Delegate365 to version 6 shortly. Actually, we wanted to update all Delegate365 tenants already this November, but we have been very busy, so this update comes a little bit delayed. See the details here.

  • Delegate365 stays as it is. We just figured out some things we can improve and add to the existing functionality. So, no worries, Delegate365 will stay as it is, but you can benefit from improved and new features.
  • New Logging: Large tenants and many operations can produce large audit logs in Delegate365 since every operation and every sync jobs is protocolled. We wanted to optimize the logging. So, we completely redesigned the logging system in Delegate365. The graphics below gives an overview about the logging system components and their properties.
    image[1]
    To see more details of this module, pls. check out the article Delegate365 changelog version 6-Logging.
  • Power-BI: The new logging allows the protocolled data to be used in Microsoft Power-BI. Data can be exported and reused directly. In return, the reports section in Delegate365 will be removed in one of the next versions.
  • New PowerShell: For Portal Admins, there’s now a scripting module available. This allows to write and execute PowerShell scripts and to load and save them in a small management console. The important part here is, that you can easily define the scope, you want to execute the current script: on Office 365 tenant level, for specific OU’s or for custom objects. To see all details of this module, pls. see the upcoming article about scripting.
  • New Daily License Statistics: This new statistics delivers the daily status of Office 365 licenses used per OU. This data will be available in future versions.
  • New and updated Jobs: In former versions, there was only the SyncOp job running in the background. Now there are more background operations in place, as described in this list:
    Synchronization Job: This job synchronizes all modifications from Office 365 to Delegate365 and runs every 4 hours. The same job can be executed manually anytime in Delegate365.
    License Aggregator Job: This new job runs all 6 hours and protocols the daily status of Office 365 licenses used per OU for further usage.
    Log Sink Job: This job runs all 5 minutes and pulls out messages from the logging queue and persists the data to the Delegate365 database and to Azure Storage.
    Sync Notifications: To optimize the transportation to the notification center, now this job takes care about checking for news all 3 hours and delivers them to the Delegate365 database.
  • New Sync Options for Security Groups: Security Groups now can be automatically assigned by their name. A free prefix can be defined to split an OU name and the group name, for example, “New York_HR” would assign that security group to OU “New York”.
  • New Menu structure: To clear up the administration menu, this is restructured.
  • Fixes: Syncing of Dynamic Groups could produce an error because the API simply does not deliver the Object ID. We built a workaround for that, this is now fixed.
  • Small changes: We took care of typos, used better wording in some pages and added some descriptions in various pages.

The new features will be described in own articles. Existing Delegate365 tenants will be updated during December. We will inform about the schedule as soon as we are done with the final testing's. So, stay tuned for the new version of Delegate365!




Delegate365 announcement about upcoming changes in version 6

Monday, September 12, 2016

Delegate365 will receive a major update in October. This will be Delegate365 version 6 and will include a change in the audit logging system, a new license history and a preview for more custom automation features. Read the first details here.

  • Change of logging: With the next update to version 6, the audit logging will be changed. There is a switch implemented which allows D365 to store logged data in various spaces and formats. The following graphics shows an overview at a glance about the planned features.
    image
    Data will no longer be stored in the Web in CSV format, but in the D365 database for up to 90 days and in Azure storage in JSON format forever.
  • Direct Access of Azure storage: Besides of the almost unlimited space in Azure storage, data in that storage can be accessed directly (if you have the permissions). This allows Portal Admins to generate a URL with a token with an expiration date to download the produced log files. The token is issued by D365, as tool you can download the logs with the cost free Microsoft Azure Storage Explorer.
  • Daily Office 365 license statistics: To see the real usage of licenses per OU and per day, week, month or year, D365 stores daily data from now on. This data will be available for further usage.
  • More Automation: We got a lot of feedback about implementing custom actions in D365, for example setting specific user properties, assigning custom licenses for specific users, setting Skype for Business policies for users in OU’s and so on. To avoid a cost intensive customization we decided to go another way: We are implementing scripts (like “Macros”) with a powerful editor with intellisense that can execute… PowerShell!
    Yes, you read correctly. D365 will support PowerShell commands and whole scripts for fulfilling custom tasks in Office 365!
    image
    We are currently developing and testing and plan to update D365 with this module in mid to late October. The working title for this feature is “D365 Automation”. Any other suggestions?
  • More: Improvements in the Sync operation, fixes and some more features…

You see there are cool features coming to Delegate365 version 6. Stay tuned!

Extra articles will inform about the new features when available and will show the HowTos with Delegate365 version 6 shortly.




Delegate365 Roles and Notifications

Saturday, September 10, 2016

Delegate365 can send notifications for specific operations. Here’s a short overview of roles and in which situations notifications are sent.

Who can get notifications?

In Delegate365 we have these roles a user can have for using the portal.

  1. Portal Admins: They have full access to all features and can configure D365.
  2. Scope Admins: They have administrative management features for “their” users, licenses and groups. The difference between Portal and Scope Admins is simply the switch “Is Portal Admin” in the administration / manage administrators and Edit admin feature (see the full screenshot below).
    image
  3. License Admins: This can be Portal Admins or Scope Admins. They are defined in the administration / manage administrators and Edit admin feature with the switch “License Administrator” (see the full screenshot below). They can manage license requests.
    image
  4. Users: Standard users who can use the D365 Self service password reset feature (SSPR).

All user types can receive emails (or SMS) from D365, but their email notification must be configured.

Requirements for users

Standard users can receive emails (or SMS) when the have configured the SSPR and they want to reset their password. For using SSPR, the email contact type and address can be configured by the user (if allowed by the Portal Admins) himself with this URL:

https://[companyname].delegate365.com/passwordnotification

Then, the SSPR can be reached anytime with that URL:

https://[companyname].delegate365.com/passwordreset

See the process for doing the setup in How to manage self service password reset for users in Delegate365. Users who reset their password will receive an email and can proceed with changing their password as described in that article.

Requirements for Admins

On order to receive emails, the Portal Administrator must open the administration / manage administrators and Edit admin feature of the Admin and set the Notifications switch to YES. There must be an email address stored as in the screenshot below. The email address used can be any email address (this means it can be the same as the Admin’s UPN or a different as in the sample above where another domain is used).

image

After clicking Save, these settings are stored for that admin. This procedure must be followed for each Admin who shall receive emails (so the Portal Admin has to set this for Scope his Admins).

Note: All Admins will be able to do this for their account in the properties in near future – this will come with one of the next updates.

image

E-Mail or SMS?

In D365 we offer to send SMS as well. Since email usually is the preferred notification method and it’s free, most of our customers do not use SMS notifications. If enabled, the Notification phone field (see screenshot above) is active and can be used. If you are interested to receive SMS notifications pls. contact us for a quote.

What notifications are sent?

In D365 there are currently these situations, where notifications are sent to Admins:

  • An email is sent, when a license request is sent (menu “License orders”)
  • An email is sent, when the quota is reached or exceeded for OU’s.

The purpose is that the license admin see that there’s a need for more Office 365 licenses instantly so that they can react and take care of the Office 365 licenses needed.

So, D365 is not very noisy. Just the license orders and license quota exceeded messages are sent to admins if the notification is configured. Users receive only emails from D365 when they have SSPR configured and reset their password.




If you want to see the full changelog, please visit our blog.