Delegate365 changelog version 8.0-Group OU’s

Wednesday, July 25, 2018

With Delegate365 version 8.0, besides many other features, a brand new feature has been added to Delegate365: Group OU’s. In short, a Group OU can be used by Scope Admins for using members of another OU they do not manage themselves. See how this works here.

In Delegate365, Scope Admins can manage all objects of their assigned OU’s. But, they could not assign other users they don’t manage to any group. This is where Group OU’s come in. To illustrate this new feature, let’s have a look at this sample.

The Scenario

Our scenario is a school environment, with three logical OU’s, based on the school location: Seattle, Kirkland and Bellevue, these are located in the Washington state area in the US. In the School Organization, teachers are working basically in one location, but are teaching partly at others schools as well. In their main location, teachers are fully managing their students with Delegate365. In other schools, they shall not be able to manage students there.

So, we have a Scope Admin Adele who is a teacher. Her main school is Seattle, but she also teaches in Kirkland for some hours a week. The red box shows that visually in the screenshot below. Adele is assigned to OU Seattle (her own school, highlighted in yellow), but not to Kirkland.

Now imagine, Adele creates a new Office 365 Group named HistoryCourse in Seattle. She wants to add teaching material to that group and she wants to collaborate with all members of that Office 365 Group HistoryCourse.

The issue: Cannot find users of other OU's

When adding members to Office 365 Group HistoryCourse, Adele can only add members of "her" OU Seattle… but she wants her students of Kirkland to be in that group as well.

In this sample, there exists a user Debra in OU Kirkland, managed by another administrator, but Adele does not see that user.

So, Adele cannot find Debra and add her to the group because she cannot manage OU Kirkland.

The solution: Group OU's

For enabling such a scenario, Group OU's were added to Delegate365. A Group OU is a normal OU and there's no difference to other OU's. Note, the OU management has not changed at all.

What's new is that in the administration / manage administrator's menu there's a new menu named "Edit group OUs" when a user is selected as shown in the following screenshot.

As before, "Edit OUs" assigns a user to be administrator of one or more OU's, nothing changed here.
Now, when a Portal Admin assigns a Group OU to a Delegate365 Admin, this means that that user cannot manage objects in these OU's, but he can see members of these OU's and add them to his own groups.

To align with our scenario, we simply select Adele, click "Edit group OUs" and select Kirkland and save that Group OU assignment.

Now the Group OU Kirkland can be assigned to Scope Admin Adele.

As before, she can manage only objects in Seattle, but now she will see all objects in Kirkland, without being able to manage any objects in Kirkland.

Test it with Group OU assignment

So, now it is possible to add users of OU's and Group OU's as members to any group. Adele now can find user Debra from OU Kirkland.

Finally, with Group OU's, Adele can add users from both OU's, from her own OU Seattle, and from OU Kirkland to her Office 365 Group.

Here, Debra belongs to Kirkland  and Adele is assigned to Seattle.
This was not possible before the new Group OU feature.

Group OU's summary

So, here's the summary of the new Group OU's in Delegate365 version 8:

• Any OU can be a Group OU. There is no difference in the OU properties itself, it's just an assignment.
• The OU management has not changed.
• The new Group OU's can be assigned to Delegate365 Administrators (to Portal Admins and to Scope Admins) optionally.
• Portal Admins can assign Group OU's in the same way as they assign OU's in the administration / manage administrators menu.
• Administrators now can add users from assigned Group OU's to their own groups
• Also, users in Group OU's can be used for delegated permissions of mailboxes as Full control, Send as, etc. and for assigning a manager to a user – everywhere where the people picker allows to add users.
• Administrators can only manage objects of their own OU's (as before). They cannot manage objects of their assigned Group OU's.
• Reports, PowerShell cmdlets (coming soon), etc. work only for your own OU's (as before).

Group OU's allow to add or remove users of other OU's as members in your own groups without the possibility to manage the objects itself. So, Group OU's add more delegation features to Delegate365.

We think, the new Group OU's make sense to broaden the functionality for Delegate365 Administrators. See other new Delegate365 features here.

Delegate365 changelog version 8.0-A new major release

Tuesday, July 24, 2018

Delegate365 version 8.0 is a major release with a bunch of new features and updates. This Delegate365 version brings support for a new partner login, improvements in the setup process after updates, integration of Azure Event Grid, new user profile features, new Group OU's, a new check email address module, some bugfixes, new security features and some more features. See the details here.

The last update of Delegate365 version 7.5 took place in April. We have been busy developing and testing Delegate365 since then. Now is the time to launch the new Delegate365 version 8 and the new features. Let's start with the new setup.

• New setup without consent: In the last years, we continuously added more features to Delegate365 and performed version updates every few months. Some of them required to add more permissions to the Delegate365 app which then required to run a new Delegate365 setup asking for more permissions and requiring the consent of an Office 365 Global Admin after the sign-in process on behalf of all users. We sometimes experienced issues when the setup admin forgot to accept the new consent on behalf of all users. Then, no user could sign-in until the consent has been given by a Global Admin.
  So, we decided to simplify the update process for our customers as much as possible. Since it is still necessary to run a new setup if new app permissions are needed for new Delegate365 functionality, giving the Global Admin consent explicitly now is no longer necessary.
  The new setup creates a Delegate365 app with the runtime of two years and automatically confirms the consent during the setup process. The setup UI and the flow with the two steps is unchanged (see Delegate365-(Re)run the setup, but without consent). During the setup, the Delegate365 configuration password (you get that from atwork) and your Global Admin credentials must be filled into the fields. Then, click "Complete". The Delegate365 setup creates a new app with the required permissions, accepts the consent and will be finished after about one minute. Then, Delegate365 can be used by all users.
  
  Now, there's no active consent of a Global Admin on behalf of all users necessary. This is done automatically during the setup to simplify the update-process.
• Future Updates and Setup: Depending on eventually required app permissions in future Delegate365 releases, it will still be necessary to run a Delegate365 setup update. If no new app permissions are required, there is no need to run a setup after an update process. This works in the same way as before.
  
• Update to Delegate365 version 8: We will contact our customers and arrange a time for the Delegate365 update. After your Delegate365 tenant has been updated to version 8, an Office 365 Global Admin needs to execute the Delegate365 setup.
• Partner-Login – for partners and support cases: The new version enables organizations to add partner logins from another Office 365 tenant as Delegate365 Administrators as well. This is helpful for partners who want to manage multiple Delegate365 customers with their own Office 365 login. Also, this feature can be used for support cases. In case of an issue, a Portal Admin can add the vendor or partner with his own User Principal Name to the Delegate365 Administrators list. The support engineer can now work in Delegate365 with the defined permissions. When the support case is closed, the external partner login can be removed (or the Admin permissions can be removed).
• Partner-Login – How to add external Administrators: Portal Admins can define the Delegate365 Administrators in the administration / manage administrators menu. Now, additionally to users of the own tenant, any other Office 365 email address can be used as Delegate365 Administrator. Simply type the external email address into the User Principal Name field, that's it. The people picker understands internal and external addresses. The following screenshot shows another work account (…@atwork-it.com) that is not existing in the own (…@M365x897613.onmicrosoft.com) Office 365 tenant and is added as Scope Administrator in Delegate365.
  
  External Delegate365 Administrators work exactly in the same way as Administrators in the own Office 365 tenant: They can be Portal Admin or Scope Admin and have a custom set of permissions. We think the "Partner login" is a very helpful feature in real world scenarios.
• New Group OU's: Speaking about Delegate365 Administrators, there's a brand new feature now available: Group OU's. A Group OU can be used by Scope Admins for using members of another OU they do not manage themselves in their own groups. To see a description of this feature in detail, pls. see the article "Delegate365 changelog version 8-Group OUs".
  
• New Web API Key per Administrator: In each profile of a Delegate635 Administrator, now there is a new section "Web API key". You find this property at the end of the Administrator's pane when an Administrator is selected in the list and "Edit admin" is opened. This is the personal key for this user for executing Delegate365 PowerShell commands. This feature will be described in more detail in the next version 8.1 that is planned for end of summer. Anyway, showing and renewing "Generate" the Administrator's key is already integrated here.
  
• User profile picture: Delegate365 now enables to see and to change a user's profile picture in the "Edit" function. This is done via the Microsoft Graph that requires that the user has a license for Exchange Online assigned. So, all users with an Exchange mailbox can have a user profile picture and Delegate365 Administrators are able to see and to modify that if needed. When clicking "Change", a new profile picture can be uploaded into the mailbox. The new picture will be available within the next minutes in the Office 365 services.
  
  Note: If a user has no Exchange mailbox assigned, the loading progress takes a little bit longer and a dummy picture with the user's initials is generated. Administrators then cannot remove or change the user profile picture since it is virtually. So, this feature depends on the Exchange Online license of the user.
  
• User Manager: Now Administrators can see and modify a user's manager directly in Delegate365 as well. The Manager property can be modified if the user is a cloud user. The people picker allows to select an existing user quickly, as in this sample. There can be only one manager assigned.
  
  The Manager field has been added in the user's property pane in the "additional details" box.
• Check email address: In the "More" menu, there is a new module named "check email address". This is a requested feature, since it can happen that a Delegate365 Administrator wants to use an email address that is already taken, but not visible in the Delegate365 portal, since the Admin cannot manage that object. But, an email address might be already existing somewhere in the Office 365 tenant, as alias email address of a user, a shared mailbox or resource, as email address of a Distribution Group or of an Office 365 group or similar. In here, Administrators can ask Delegate365 if any email address is already taken or available.
  
  If an email address is already used, Delegate635 informs what type of object is using that email address, or if the email address is available, e.g.
  alexw@M365x897613.onmicrosoft.com - Recipient exists, Type: UserMailbox
  sales@M365x897613.onmicrosoft.com - Recipient exists, Type: MailUniversalDistributionGroup
  support@M365x897613.onmicrosoft.com - This email address is not existing in the Office 365 tenant. Feel free to use it.
  So, this small module helps to check for existing email addresses anytime, anywhere in the Office 365 tenant.
• New Extensibility: Sometimes organizations using Delegate365 have the requirement to run additional tasks when users have been created or other objects have been changed in Office 365. Since every company has it's own processes and tasks, we decided to support custom functions out of Delegate365 to keep this very flexible: We added integration for Azure Event Grid to Delegate365. This feature can act like a Swiss Army Knife and trigger external functions if needed.
  Delegate365 extensibility works with an HTTP endpoint and delivers events that happen during the periodically happening Delegate365 sync operation. This allows organizations to run their custom tasks externally, e.g. in Azure functions with PowerShell or any other supported programing language.
  Portal Admins find this module in administration / configuration / extensibility. In here, the topic and the AccessKey of the Azure Event Grid must be specified. Below, the whole trigger system can be set to Active Yes or No – to configure it and set it active or inactive easily when needed. The switches trigger sending an event to the Azure Event Grid when the Delegate365 sync operation runs. Currently, these events are supported: Create user, Delete user, Update user, Sync Start and Sync End.
  Note that trigger must already exist when saving this configuration.
  
  To see a description of this feature in detail, pls. see the article "Delegate365 changelog version 8-Extensibility" (the article and link will be available soon).
• Small Bugfixes: Some minor bugfixes have been performed in this version: An Office 365 Group did not always show all members, field validators have been improved, better descriptions have been used, etc. These small issues have been fixed.
• Internal security improvements: The Delegate365 portal works as an easy to use tool for accomplishing the most common tasks in an Office 365 environment. Users using Delegate365 first must sign-in with their Office 365 account and they must be assigned as Administrator in Delegate365. Once a user has signed-in and both checks were successfully, he can use the Delegate365 portal. To avoid that such a signed-in user can manipulate any data sent to the Delegate365 services, we have added more security-features within the service. On the client-side, input fields in Delegate365 forbid to enter any Javascript code before sending the data back to the service. On the server-side, the Delegate365 services check the data and if the signed-in user is allowed to perform the action with the data sent by checking all permissions again before they are executed. With these activities, Delegate365 avoids any security breaches of a Delegate365 administrator after he is signed-in and if he tries to manipulate data sent back to the service.

Delegate365 version 8.0 provides brand new features and improvements. The update time will be planned accordingly with our customers starting end of July. New Delegate365 tenants will get this version automatically.

We hope, you like the new features of Delegate365!

Delegate365 changelog version 7.5-SignIn-Activities and GDPR module

Friday, April 27, 2018

The previous versions of Delegate365 brought major updates with the new reporting engine and over 80 reports. With Delegate365 version 7.5 there are more improvements coming as litigation hold for Shared Mailboxes, more reports and a new GDPR module. See the details here.

• Important: If your current Delegate365 version was 7.3, you need to run a new Delegate365 setup once. Please see Delegate365-(Re)run the setup for a step-by-step manual. This step is necessary after the update to Delegate365 v7.5 was done. This step is NOT necessary if you have already been on Delegate365 version 7.4.
  You need to have a Global Administrator without MFA enabled to run the setup and to accept the new Delegate365 consent:
  
  So, after the setup, login with the Global Administrator and accept the new consent for all users in your tenant - otherwise no one can sign-in and use the Delegate365 app.
• Report-Update: Exchange User forwarding: Users and Admins can configure email forwarding to another (internal or external) mailbox. If forwarding is set, the Exchange/User forwarding report informs about these forwards. Then, Admins get a list of all users within their OU's with information if email forwarding is activated and to what address, similar as here (the Excel output is already filtered in this sample).
  
• [Updated May 4th:] OneDrive Report of a user includes a "shared only" option: In the users list, an Admin can generate a list of files of a user’s OneDrive for Business storage. There’s a new switch to show only files in that report that have been shared with other users- This reduces the report size and makes sense e.g. if a user leaves the organization and you want to inform the other users that there are shared files existing that will be lost if the user is deleted.
  
  By default, the "Only shared files" switch is set to Yes.
• New report: Azure Active Directory Sign-in activity: As the name suggests, Admins get a report of successful and unsuccessful sign-in activities of their users for the last 30 days.
  
  When the report is generated, the list informs about users, status, location and apps that were used within your tenant. Scope-Admins see just their entitled data.
  
• Tip: Visualize the Azure Active Directory Sign-in activity report with Microsoft Excel or Power-BI!
  Download the generated CSV or Excel-file and use it as data source. Here, you can create various interesting graphics with filters as needed, similar as in this sample with Power-BI here.
  
  This map powered by Bing, shows unsuccessful logins that were blocked by the Office 365 login system. With that data, you can generate reports as:
  - SignIn-failures
  - Successful logins
  - Logins by country
  - Logins by city
  - Logins by UPN
  - Logins by App
  - Logins by Devices
  …and so on. The data can be used and filtered as needed, as e.g. to get an overview of the apps used, etc.
  
  So, Delegate365 reporting allows powerful statistics of all (entitled) sign-ins within your Office 365 tenant and even for Scope-Admins for their data.
• New GDPR-module: Portal-Admins get a new module in the administration menu named GDPR. This allows to fulfill a user’s request for the right to be forgotten in Delegate365.
  In Delegate365, the data sync operation automatically updates or deletes data from the Microsoft Office 365 tenant. So, deleted objects are deleted from the Delegate365 cache automatically without any additional effort. If a user requests that his personal data as the name, email address or other personal user properties shall be deleted from the Delegate365 audit logs (!), you as a Portal-Admin can follow that request here. Open the description in the GDPR page to get more information.
  This module works analogous to the report module. Portal-Admins can create a job to delete any personal user data from Delegate365’s audit logs. One or more UPNs can be added and submitted in the GDPR form for execution.
  
  Once the deletion-job is executed (this happens within some minutes), personal data is anonymized in all Delegate365 audit logs. A user name is anonymized as DeletedUserxx (with a current number) and any personal data is cleared in all entries. There is a report generated for each user. If selected, an email is sent to the job owner as in the report module. The generated report informs when and how often the user data has been cleared in the Delegate365 audit logs. With this module, Delegate365 provides a process for the Portal-Admins to fulfill the user's right to be forgotten consistently.
• Shared Mailboxes: New Hide from address list and Litigation Hold: These settings can now be controlled in Delegate365 by all Admins. Litigation Hold preserves items in the Recoverable Items folder in the user's mailbox and can take up to 60 minutes to take effect. Find more about setting Litigation Hold at Place a mailbox on Litigation Hold and In-Place Hold and Litigation Hold in Exchange 2016.
  
• Resources: New Hide from address list and Litigation Hold: The same goes for resources: New Hide from address list and Litigation Hold.
  
• Federated Resources fix: Federated resources have just two properties that can be successfully updated in the cloud. These are ResourceCapacity and LitigationHoldEnabled, while cloud resources that can be updated allow to modify ResourceCapacity, Department, Company, Alias, DisplayName, Name, HiddenFromAddressListsEnabled, and LitigationHoldEnabled. For federated resources, an update caused an error since read-only attributes would be updated. This has been fixed with this version.
  
  So, a synced resources can now be just edited as here – the remaining properties are disabled.
  
• [Updated May 2nd:] Synced Users, enable or disable a UPN change: Changing the UPN can now be controlled in Delegate365. In former Delegate365 versions changing the UPN was always possible for federated users as a feature the Office 36 portal does not provide. Since most organizations using hybrid mode, they manage users only in the on-premises Active Directory as leading system. In that scenario, you want to disable UPN change in Delegate365. Delegate365 knows about each object (cloud) status and deactivates properties that cannot be edited automatically as shown below. Now, this feature can be controlled with a new Admin setting in administration / configuration / settings: "[x] Admins can change the User Principal Name of federated users".
  
  If set to Yes (which is the default setting), Admins can change the UPN of federated users in Delegate365 as before. If set to No, the UPN fields are disabled in Delegate365. This setting is valid instantly and controls the behavior of the user edit form as shown here. (Note, that the already existing switch "[x] Admins can change UPN" is valid for could users.)
  
  For federated users, the UPN change can now be controlled by Portal-Admins in Delegate365 with this version. By default, it’s set to enable UPN change.
• Direct link to Delegate365 changelog and articles: In the status line on each page bottom, you see the current Delegate365 version. Now, users can click on the version link to open the atwork blog automatically filtered for articles about Delegate365. The newest article is on top. The direct link is http://bit.ly/d365-blog.
  
  This helps to get an overview of the latest product news about Delegate365 quickly.

Delegate365 version 7.5 provides useful updates and new features. We hope you like them. The update time will be planned accordingly with our customers. New Delegate365 tenants will get this version automatically starting by begin of May.

Delegate365 reports at a glance

Thursday, April 12, 2018

Recently, Delegate365 got a new reporting engine with version 7.3 and more reports have been added with version 7.4 and version 7.5. In total, there are now 87 reports available (and likely more are about to come in the following versions). To keep up with the latest reports, we want to deliver an overview of all available reports at a glance here.

Start

The reports menu reveals the Delegate365 reports list. The reports are available for all users in Delegate365, for Scope Admins and for Portal Admins. Scope Admins see just data of their entitled OU’s in all their reports. Portal Admins get additional reports marked with a star* and a comment (* Portal Admin), that deliver reports and statistics about the Office 365 tenant and services without any OU filters. The screenshot below shows the reports list, grouped into nine categories.

Select

Admins can start a report request anytime and they can get an email notification when the report is ready for download. The graphics of currently available Delegate365 reports delivers an overview (click to enlarge):

The report categories are Azure Active Directory, Risk Events, Office 365, Microsoft Teams, Skype for Business, Yammer, SharePoint, OneDrive, Exchange, and Delegate365. The reports are generated from the Microsoft Office 365 APIs. The Delegate365 reports deliver data as seen in Delegate365. Report #87, the "OneDrive files" report, is located in the Users page if a user is selected, but follows the same principle as all the other reports.

When a report is submitted, the job is added to the Scheduled reports section with it’s job number. The reporting engine picks that up after a short time, generates the report, and moves the report job to the finished reports sections. See the reports with a short description and a sample output at Delegate365 changelog version 7.4-additional reports with risk events and Microsoft Teams, OneDrive shared with and groups as members.

Finish

Once a report job is done, it shows up in the finished reports section. If selected, the Admin gets a notification email as well. Each report can be downloaded as CSV or Excel file for further usage as shown here.

The downloaded reports can be used in other clients as in Microsoft Excel, Power-BI or other systems. Also, the files can be easily archived in a custom location if needed. All finished reports are stored for 7 days for the user who initiated the report. After that week, all reports are automatically deleted.

We hope you and your admin colleagues find a bunch of useful data in the Delegate365 reports in your tenant!

Delegate365 changelog version 7.4-additional reports with risk events and Microsoft Teams, OneDrive shared with and groups as members

Thursday, February 15, 2018

With Delegate365 version 7.3 a new reporting engine was introduced. With this update, additional reports are available in Delegate365 version 7.4. The new reports deliver a new report category with risk events, as for example impossible travel risk events or suspicious IP risk events, new Microsoft Teams statistics reports and more. Also, OneDrive usage per user and Shared-With information is now available as a report. Mail Enabled Security Groups can now be assigned with permissions in Resources (rooms and equipment mailboxes) and Shared Mailboxes. See the details and descriptions of all reports here.

• Important: Since the new reports require additional permissions in the Office 365 tenant, a Global Administrator needs to run a new Delegate365 setup once. Please see Delegate365-(Re)run the setup for a step-by-step manual. This step is necessary after the update to Delegate365 v7.4 was done.
  You need to have a Global Administrator without MFA enabled to run the setup and to accept the new Delegate365 consent:
  
  So, after the setup, login with the Global Administrator and accept the new consent for all users in your tenant – otherwise no one can sign-in and use the Delegate365 app.
• Additional reports "Risk events": The list of available reports now offers six new reports showing threads to the Office 365 tenants – filtered just for the entitled OU’s of the signed-in administrator.
  
  See Azure Active Directory risk events for info about the protocolled risk events in an Office 365 tenant.
• Additional reports "Microsoft Teams": This is a new group offering two reports from Microsoft Teams.
  
  
• Available reports: With Delegate365 version 7.4, the following reports are available. (NEW) indicates new reports compared to v7.3. See all reports with a short description and a sample output summarized here (click on the image to enlarge it).
  
• Risk Events (NEW)
  • Anonymous IP Risk Events (NEW)
    This report shows successful logins from anonymous proxy IP address that could be used to hide the real device’s IP address for malicious intent.
    
  • Impossible Travel Risk Events (NEW)
    This report shows sign-ins from geographically distant locations, that are also atypical for the user, given past behavior.
    
  • Leaked Credentials Risk Events (NEW)
    The Microsoft leaked credentials service acquires username and password pairs by monitoring public and dark web sites and reports stolen credentials in that report.
    
  • Malware Risk Events (NEW)
    This report shows sign-ins from devices infected with malware, that are known to actively communicate with a bot server by IP address comparisons.
    
  • Suspicious IP Risk Events (NEW)
    This reports shows IP addresses from which a high number of failed sign-in attempts were seen, across multiple user accounts, over a short period of time.
    
  • Unfamiliar Location Risk Events (NEW)
    After an initial learning period of 30 days,this reports shows user logins from unfamiliar locations not close to known, familiar locations.
    
• Office 365
  • Office 365 active user detail
    This reports shows all users that are active (not deleted) and their current licenses status and the last activity date per service.
    
    
  • Office 365 groups activity detail
    This report shows the usage of the Office 365 groups, the storage size in SharePoint, number of messages in Exchange, last activity date and more – all you need to know about your Office 365 groups.
    
    
  • Office 365 activations user detail
    This report delivers activated Office 365 licenses per user. If more information is existing, the license activation date and installed clients are shown.
    
• Microsoft Teams (NEW)
• Teams device usage user detail (NEW)
  Shows the devices used for accessing Microsoft Teams per user for the selected time period.
  
• Teams user activity user detail (NEW)
  This report delivers the users and when they last accessed Microsoft Teams. Additionally, the assigned user licenses are shown.
  
• Skype for Business
• Skype for business activity user detail
  This reports shows Skype for Business statistics per user, for example the number of conferences, the sum of minutes consumed, the number and date of the last participations and much more.
  
  
  
  
• Yammer
• Yammer activity user detail
  This report shows the last activity date per user and the number of posts written, read and liked in the selected time period.
  
• SharePoint
• SharePoint activity user detail
  This report shows the last activity date per user and the number of files and pages visited in the selected time period in SharePoint Online.
  
• OneDrive
• OneDrive activity user detail
  This report shows the last activity date per user and the number of files accessed and how many files have been shared in the selected time period in OneDrive for Business.
  
• Exchange
• Outlook activity user detail
  This report shows the last activity date per user and the number emails sent and received and read in the selected time period in Exchange Online.
  
• Outlook app usage user detail
  This report delivers which apps users are using for accessing their mailbox, including clients, Web, IMAP, SMTP and POP3.
  
  
• Outlook usage detail
  This reports delivers detailed information about mailbox usage as the mailbox size and number of items, the quota and warning limits per user in the selected time period.
  
  
• OneDrive files report generation: In the users list, a new menu is available for the selected user: Report OneDrive files generates a report about all files of the user that are existing in the personal OneDrive for Business storage and what files are shared with whom. A use case for this report is that if a user leaves the organization, the admin can see what files have been shared with other users. Then, these common files could be transferred to another user’s OneDrive, SharePoint site or similar. So, the report shows these shared files as well.
  
  A pane opens asking for a notification email address. The signed-in admin is automatically existing in the email field. The generation of the report can take a longer time, if the user has thousands files stored, each file must be checked and looked up, if it was shared or not. So, a notification makes sense in most cases to see the report, when it’s available.
  
  When clicking Submit, the report engine gets a new job and the OneDrive files report task is visible in the reports menu in the Scheduled reports box.
  
  Once generated, the report can be found in the Finished reports box where it can be downloaded.
• OneDrive files report result: The OneDrive files generated reports delivers all files of the user’s OneDrive storage. The report shows one (or more) line(s) per file with name, path, size, and modified date and with whom the file is shared with.
  
  Basically, SharedWith always shows the file owner, in this sample, AdeleV. If the file is shared with other users, there is a line for each user with his Roles is added to the report as seen here.
  
  The WebURL allows to open a file directly with the Office Web apps to have a quick look at the file (if the user has permissions). ParentPath shows the location of the file in the folder structure to find it easily. So, this report delivers all files and their status of a user’s OneDrive storage.
  In Excel, filtering is simple: If you want to see all shared with, filter the Roles for all other roles as "owner", here only "read":
  
  Then Excel shows just the other users and the files they have access to. Excel provides more methods for summarizing, grouping and pivoting if needed.
• Support for group membership: In Office 365, it’s possible to add a Mail Enabled Security Group as member to user’s mailboxes, as delegated user in Resources (rooms and equipment mailboxes) and Shared Mailboxes. This does not work for other group types (see Working with Exchange Mailboxes and Groups as members), but for Mail Enabled Security Group only. So, this feature has been added to Delegate365. With this update, it’s possible to select a Mail Enabled Security Group from the people picker as well.
  
• Using group membership: You can create a new Mail Enabled Security Group in Delegate365 in groups / distribution groups (basically, a Mail Enabled Security Group is a Distribution Group in Office 365). Ensure that the "Mail enabled security group" switch is set to Yes.
  
  Tip: Since this is an Exchange object, it can take some minutes, until the new group is visible.
  Then, the (new) Mail Enabled Security Group can be added as member for a user’s mailbox delegation. In this sample, we assign the group "MailEnabledSecurityGroup1" with the permission Full Access to AdeleV’s mailbox. All members of that group have access to that mailbox.
  
  The same functionality is available for Resources and Shared Mailboxes as well.
  
  This new group-as-member feature is compliant with Office 365 and simplifies management and allows all members of the assigned group to access the mailboxes.
• Fixes: Some labels and descriptions have been updated and the CSV and Excel download icons have been changed.

Delegate365 version 7.4 provides additional reports and new features. The update time will be planned accordingly with our customers. New Delegate365 tenants will get this version automatically starting by end of February.

Delegate365 changelog version 7.3-new reports

Monday, February 12, 2018

The newest version 7.3 of Delegate365 provides a complete new reports module that replaces the old reports section. See the benefits and the details of the new Delegate365 reporting engine and how to use it for all your Delegate365 admins with just their entitled data. Learn about the details here.

• New reports menu: The old reports menu was replaced by the new module. Now, there are four boxes with a description, the available reports, scheduled reports and finished reports. All Delegate365 Admins can now select from new reports (1 and 2), activate a notification when finished (3) and start a report job with the Submit button (4). This creates a task in the schedules reports list (5). A job picks that task and executes it after a couple of minutes. When the report has been created, a notification can be sent to the report owner and the report shows up in the finished reports list (6). Refresh updates the reports boxes (5 and 6) with the current status if needed.
  
• Reports scope: All reports are filtered just for the entitled OU’s of the signed-in admin. So, the report engine collects the requested data, looks up the entitled objects and delivers just a subset of all tenant data. Scope Admins can now use these reports for collecting data reports just for their relevant data. For example, if the logged-in Admin is entitled for OU’s Seattle and New York, then the generated reports just sh ows users, groups and actions in these two OU’s. Any data outside of these OU’s is not shown.
• Options: Some reports can be filtered for a time range from 7 days up to 180 days, depending on the report type. The time range selection gets active or inactive then.
  
• Notifications: Since the generation of a report can take some minutes, it often makes sense not to wait for the result, but let the report engine send a notification to an email address specified in the notification field.
  
  The email comes with a subject "D365 Report engine" and a message as "Hi, this is a notification sent from your Delegate365 solution.Your report #64 OneDrive activity user detail was created successfully".
• Flow and operation: The user selects a report, the time range and if a notification shall be sent. When clicking the Submit button, a task is generated and the report request shows up in the scheduled reports. Each job gets a current number, #64 in this following sample (1). This identifies the report, along with the report name, the selected filter and the creator of that task. Every users sees just his own report tasks. So, the current number can be not continuously.
  There is a time span of about 3 minutes until the report job picks up the task. Within that time, the user could cancel the job with the trashcan icon (2). This is useful, if you find out that the scheduled job was a wrong report or the filter is not correct. Then, it makes no sense to execute the original report creation, but cancel it and create a new report job.
  
  Once a job is done, the resulted files can be downloaded (3 and 4). Report files can be deleted with the trash icon (4) as well anytime.
  
• Generated reports: Reports that have been finished show up in the finished reports list.This usually takes some minutes. Once the job is completed, two reports are generated to download: a CSV file (a comma separated values text file)  and a XLSX Excel file. Both files can be downloaded with the corresponding icons. The file name is the ID of the job, stored in the Azure temporary storage.
  
  With this output, data can be used in further systems for analyzing easily. This makes more sense than showing a graphics in Delegate365.
• Generated reports availability: Reports that are generated are available for the last seven days for download. After that time, the reports are automatically deleted from the Azure storage and from the finished reports list. Reports downloads are handled with a security token that is just valid for the signed-in user and a short time frame. So, only entitled users can download the report file and abuse is prevented.
• The CSV file can look as here: The OU name of the object is part of each record.
  
• The Excel file can be opened directly and shows the same data as a formatted table:
  
• Available reports: With Delegate365 version 7.3, the following reports are currently available:
  
  See following sample reports by clicking on the image to enlarge it.
• Office 365
• Office 365 active user detail
  This reports shows all users that are active (not deleted) and their current licenses status and the last activity date per service.
  
  
• Office 365 groups activity detail
  This report shows the usage of the Office 365 groups, the storage size in SharePoint, number of messages in Exchange, last activity date and more – all you need to know about your Office 365 groups.
  
  
• Office 365 activations user detail
  This report delivers activated Office 365 licenses per user. If more information is existing, the license activation date and installed clients are shown.
  
• Skype for Business
• Skype for business activity user detail
  This reports shows Skype for Business statistics per user, for example the number of conferences, the sum of minutes consumed, the number and date of the last participations and much more.
  
  
  
  
  
• Yammer
• Yammer activity user detail
  This report shows the last activity date per user and the number of posts written, read and liked in the selected time period.
  
  
• SharePoint
• SharePoint activity user detail
  This report shows the last activity date per user and the number of files and pages visited in the selected time period in SharePoint Online.
  
  
• OneDrive
• OneDrive activity user detail
  This report shows the last activity date per user and the number of files accessed and how many files have been shared in the selected time period in OneDrive for Business.
  
  
• Exchange
• Outlook activity user detail
  This report shows the last activity date per user and the number emails sent and received and read in the selected time period in Exchange Online.
  
  
• Outlook app usage user detail
  This report delivers which apps users are using for accessing their mailbox, including clients, Web, IMAP, SMTP and POP3.
  
  
  
• Outlook usage detail
  This reports delivers detailed information about mailbox usage as the mailbox size and number of items, the quota and warning limits per user in the selected time period.
  
  
  
• More reports will follow with the next Delegate365 update. As soon, as Microsoft reveals more features to their APIs, we will integrate them into Delegate365.
• Old reports section: The old reports menu with sub menus for each report have been removed.
  
  This report data is no longer available from the Microsoft APIs, since they were depreciated. The new reports scale better and deliver much more functionality and useful data.
• Fixes: If contacts had notes with more than 250 characters, the sync threw an error. This has been fixed with Delegate365 version 7.3. Also, descriptions and labels have been updated.

We think the new reporting engine in Delegate365 version 7.3 makes sense and delivers useful and reusable data. Delegate365 v7.3 will be updated starting mid of February to all existing productive environments. Hope you like it!

Delegate365 changelog version 7.2-additional sync rules and more

Wednesday, January 31, 2018

With Delegate version 7.2 there come some new and useful features especially in the sync rules. See the details described here.

• Sync Rules: Groups OU-assignment by new name rules: All group rules now offer additional options in the Property dropdown allowing to assign a group to an OU by its name. To get the OU name out of the group name, the OU name must be the prefix of a name and a predefined separator must be used. The options include the following separators: [space] , [underscore] _, [hyphen] –, [point] ., and [slash] /.
  
  To clarify the mechanism, the options show a sample. So, if a group Display Name is set to "New York_Group", the sync rule strips down by the separator "_" and uses "New York" as OU name and "Group" as group name. So, group "Group" is automatically assigned to OU "New York".
  
  Take care when using a normal space character as separator: Then, the OU name can only be one word, for example: "New York Group" would result in an OU "New" and the group name is "York Group". As workaround, the OU-name could be named with a hyphen "New-York" or similar.
  That’s the purpose, to use a Display Name for automatic OU-assignment instead of object properties. Now, admins can use this feature additionally if needed for the following objects: Distribution Groups, Office 365 Groups, Contacts, Resources, Shared Mailboxes and Security Groups as marked red in the following screenshot.
  
• Sync-Rules: Automatic OU-assignment to OU "None": The same object types enumerated above, now offer a new, powerful switch: Assign unassigned groups to OU "None".
  Imagine, you define a rule for Office 365 groups that they are assigned to an OU in Delegate365 automatically, based on a property as CustomAttribute13 as shown below. All Office 365 groups with that property filled will be assigned to the corresponding OU. But, if there is no value filled in CustomAttribute13, a group will not be assigned to any OU.
  (Of course, Portal Admins already could manually assign objects to a specific OU in the administration / organizational units / assign module – and this still is an option.) Now, if Assign unassigned groups to OU "None" is set to Yes, all groups that are not assigned after all sync rules have been executed, will be automatically assigned to an OU with the name "None".
  
  So, if there are groups without an OU-information in Delegate365, they will be assigned to OU "None".
  If that OU "None" is not already existing, it will be created automatically. There is no automatic administrator assignment in place, this must be done manually later if needed. The OU-name cannot be configured and is always "None". But, since OU "None" is normal OU, the name can be changed anytime. In that case, a new OU "None" would be created if one of these switches is set to yes and if there are objects to be assigned to "None".
  This switch simplifies the OU assignment, so that all Office 365 objects are automatically visible in Delegate365, even if they don’t match any sync rules. Later, Delegate365 Admins can decide what to do with these objects and manually assign them to another OU or set any properties or define any rules.
  By default, the new switch Assign unassigned groups to OU "None" is always set to No and there are no changes to existing configurations – it’s an additional setting that can be used if it makes sense for your organization.
• Sync-Rules: new description: To match with the new functionality, the sync rules description has been extended to describe all possible features in this module.
  
• OU-Import: When talking about OU management, there’s now a new module in administration / organizational units / import ou’s that allows to import OU’s from a CSV file.
  
  The downloaded sample file consists of a simple list of names that shall be imported as shown here: one OU in one line.
  
  With Upload, this file can be selected, uploaded and then imported.
  
  If the import was successful, the list below shows the status. If an OU was already existing, a status "OU already exists" is shown, otherwise "success". This feature is helpful if an organization exports their extensive OU-list from their local Active Directory and wants to use these names as OU’s in Delegate365 easily. As usual, the OU’s can be renamed in manage OU’s. Don’t forget to assign admins to the new OU’s afterwards in manage administrators.
• Sync operations: new behavior: Running a manual sync is used very rarely and can take some time, depending on the tenant size and operations The following screenshot shows the old behavior (up to version 7.1). When the Sync button was clicked, the Progress box below showed the sync-progress at the bottom of the sync operations page.
  
  We removed the Progress box. Instead, there are now two buttons for triggering the sync operations:
  Start AAD sync starts a new sync operation. The new Start MFA job allows to explicitly run only the MFA sync operation defined in the sync rules.
  
  If a Portal Admin triggers a sync job, he needs to confirm the operation and a toast notification pops up as visual validation. The sync runs in the background.
  
  As before, the result is shown in the Sync history. Now there’s a Refresh button to check for the latest updates manually.
  
  With refresh, the sync history list gets updated and there’s no need for reloading the page oneself.
  The module description was moved into a box on the top as well.
• Sync operation: (Now) there can only be one! Another reason for changing the behavior was to avoid that admins start the manual sync multiple times parallel to the (maybe long time running) automatic sync job. In the past, this could cause issues since the result maybe did not reflect the admin’s expectations since there could be multiple sync running and maybe interfering themselves.
  Now, the sync jobs runs only once. If an admin starts a new sync, a message appears that there’s already a sync job currently running as shown here.
  
  In that case, wait till the sync job is finished and retry (or simply wait for the next automatic sync job). The Sync history box is your friend for seeing the current status and the result.
• Office 365 groups: Hide from address list: An Office 365 group can now be hidden from the address list with the new switch in the general box as shown below.
  
  By default, Hide from address list is set to No. Use this switch for an Office 365 group if needed.

So, we think the new additions to Delegate365 make sense for many customers. All existing productive Delegate365 tenants will be updated starting by the begin of February. New Delegate365 trials will automatically be available in the latest version. We hope you enjoy the new features of Delegate365!

Delegate365 changelog version 7.1-Fixes, User Interface improvements, Sync Lock, MFA and more

Monday, December 4, 2017

Right after Delegate365 version 7, we are releasing version 7.1 with some relevant updates. This version brings some fixes, an improved SyncOp, Sync Locking, First Start-support, a new Multi Factor Authentication automation feature, a streamlines sync rules experience, more videos and some updates. See the benefits and the details here.

• Dashboard-First Steps: To inform Admins if the basic Delegate365 configuration is missing, the dashboard now shows a First Steps box if necessary. This essentially helps new Delegate365 admins to show the required steps to configure Delegate365. Tasks that are already accomplished are marked with a green OK icon, open tasks are shown with an orange warning icon. So, this feature basically checks if they SyncOp has been executed to update the Delegate365 cache at least once, if at least one OU is existing, if at least one administrator has been assigned to one OU and one domain and if there are users assigned to any OU (so that there are users visible in Delegate365).
  The admin can click on the task to open the corresponding page to configure the desired properties. The following screenshot shows an example with three accomplished tasks and one open task.
  
  Once all requirements are satisfied, the First Steps box will no longer be visible (or show up again, if any requirement is missing). There is no manual method for switching the First Steps box on or off, it appears automatically to support the admin. Independently, Delegate365 checks if the connections to Azure Active Directory and Office 365 are valid as well. We think, this new feature makes sense in existing Delegate365 tenants and particularly in new ones.
• Quicker Dashboard: The dashboard now uses dynamic loading of the content to get a better user experience. So, the start page loads faster and shows the content when available. Small animated circles are shown until the boxes are able to show their content.
  
  This makes sense since the Office 365 service status sometimes took longer time to load and the whole page produced unnecessary waiting times. This behavior is gone now and admins get the dashboard page much faster.
• New UI elements: Detail pages now show a back button icon on the top and bottom of a page (instead of the text link "Return to the list…") to improve the visibility for the user for going back to the previous page.
  
• Help and Videos: Additionally, each page got a see video link on the top (see screenshot above). This opens a short video explaining the current page (well, we are still working on the videos, so if the overview video is shown, pls. give us some time to finish that for all modules). The video integrates into the page and allows to interactively control the video. By closing or clicking outside of the dialogue, the video box closes.
  
  We think this will help administrator to watch the functionality of the current module and to inform about the topic.
• Help page: The Help link available on the right side in the footer now uses the same concept and shows the initial steps for configuring Delegate365 in short videos.
  
  Again, these videos will be updated in near future.
• Sync-Rules UI standardization: The Sync Rules allow to define conditions for automatic OU assignments and Office 365 license assignments for users and groups in Office 365. We added more features in here, but the basic user’s OU assignment interface did no longer fit to the rest of the conditions. In previous versions, the dropdowns needed to be filled with the priority of the desired rule, where the property name must match any OU name in Delegate365 (as f.e. CustomAttribute13 stores "New York" and there is an OU "New York", so that the user gets assigned automatically). In contrast, newer conditions (in the boxes below) used dynamical assignments. So, the User box has been changed to the new dynamic conditions interface as well.
  Before:
  
  New version:
  For better clarity, now the admin can add more conditions dynamically as needed. Additionally, each rule can be set (in)active and the SyncOp can apply the rule to all users, sign-in allowed users or sign-in blocked users in the new user interface. Also, the Extended attributes have got an own box with the same options and allow a more customized filtering.
  
  Existing customers: All existing rules are automatically converted to the new interface. There is no action needed, but we recommend to check these settings and to save this page again.
• SyncOp performance: Since the Delegate365 synchronization fulfills a bunch of tasks, we are constantly checking and improving the SyncOp. Version 7.1 brings more error handling and better performance for specific operations as the User License Sync. So, in real world, the sync time can speed up, depending on the scenario.
• New SyncOp Locking "There can be only one": In former versions it was possible to start a manual sync multiple times, even when a scheduled sync was already running. This sometimes lead to confusion when objects should be modified that already were updated. To avoid such conflicts, the sync now runs only once at a time.
  
  If an admin wants to manually start a new sync while another sync is running, he gets a message informing about that. A new SyncOp cannot be started therefore. To check a currently running SyncOp, there’s a new Refresh button in the sync history box (see above) to see the status if needed. In such a case, pls. wait until the previous SyncOp is finished and then try to restart.
  
  The sync now checks the heartbeats if another SyncOp is running or died during any process (we are working with the cloud…). A new SyncOp can be started manually after a previous sync is finished, or after 15 minutes if a timeout occurred. Usually, if a SyncOp did not fully complete for any reason, simply wait (or start a SyncOp manually) for the next run to accomplish all tasks.
• Automation for user’s MFA status: Version 7.1 brings a new feature in the administration / sync / sync rules: A new box for setting Multi-factor authentication for users controlled by a group membership.
  
  In the MFA box, admins can define rules in a similar way as in the rules above: By adding a condition if a user is member of a specific security group (or email enabled security group), the MFA status can be set for all users, sign-in allowed users or sign-in blocked users. The MFA status can be Deactivated, Enabled or Enforced.
  
  Click Save at the page bottom to save all rules on that page. Users who are members of the specified security group(s) who not already have the defined MFA status set, will get the new MFA status set. This operation is not directly attached to the SyncOp, but runs all 12 hours and reports to the common audit log. So, we can categorize this feature as an own task in a technical perspective for not interfering with a running SyncOp. This allows admins to easily define custom rules for enforcing the organization’s security policies for their users.
• UI helpers: When assigning multiple domains or OUs, now there is a (De)Select (All) checkbox to select all items below with one click. The (All) checkbox acts as toggle. Small and helpful.
  
• License statistics: To distinguish between no license limits and licenses quotas, the licenses / licenses statistics module now shows a dash "-" if no quota is defined. Otherwise, the defined number of the quota is shown. The same goes for the assigned users.
  
• License quotas filter: A new filter allows to show just rules of a specific OU or all OU’s. By default, the filter is set to Any OU and all quotas are shown. The screenshot shows an example by filtering only the rules for OU Amsterdam.
  
  
• Smaller fixes: We continuously are checking the solution and we are fixing minor issues constantly. Version 7.1 has some minor issues as text labels and validations fixed.
• There is more to come in 2018…
  

We hope you like the new features and the improvements in Delegate 365 version 7.1!

All Delegate365 productive tenants will be updated before Christmas automatically to benefit from the improvements. There are no actions necessary on the customer side. New test tenants will automatically get the new Delegate365 version.

Delegate365–Cleanup unused apps

Wednesday, November 1, 2017

Delegate365 is registered as an app in the customer’s Azure Active Directory. When a Delegate365 setup is executed, it may be necessary that a new app is registered and is used from then on. So, what happens with old apps? See how to cleanup unused Delegate365 apps here.

Technically, the app needs permissions to sign-in the user and to read data from the tenant. If new app permissions are necessary through an update (as this was the case with version 6.5 and the new service health feature), the Delegate365 setup must be re-run. When a new app is created, the Administrator then has to confirm the app consent for his users as described here.

Usually this is not the case for regular updates. So, in very rare cases, a new app is created during the setup. As mentioned, an app has an expiration date, but apps that are no longer used, can be removed easily if desired. Otherwise, they exist in the AAD as every other app that was registered once (and may be no longer valid). So, it’s up to the IT-Administrator to decide if he wants to perform a cleanup or not.

For doing a cleanup, you need two things: A Global Admin in your AAD tenant and the Application ID of the current Delegate365 – you don’t want to remove the existing app, just the old ones. To get the current Delegate365 App ID of your tenant, pls. contact atwork at support@atwork.at. We will send you the App ID so that you can identify the Delegate365 app in use.

Open the Azure Portal, your Azure Active Directory and the App registrations. Search for "delegate" and see the registered apps in the list as shown here.

In this scenario, there are 4 Delegate 365 apps existing. The currently used app starts with App ID 7dd9191f… – we do not want to remove that, but the other 3 apps (bacf…, 7b76… and 79ee…). Check the App IDs and open each app and delete it.

Repeat that step for all unused apps until just the used Delegate365 app remains. That’s it.

If you are insecure, leave the apps untouched. If you removed the current Delegate365 app by mistake, you need to re-run the Delegate365 setup as described in the setup process.

Delegate365 changelog version 7.0-Office 365 Groups, Alias addresses, Logging and more

Wednesday, October 11, 2017

We have been busy during summer time and we have been developing and testing our new Delegate365 version 7. We added new features like the support for Office 365 Groups and further useful extensions and made a technical refresh behind the scenes. So, the latest version of Delegate365 is available now and ready for updates. See the details described here.

Delegate v7 is the successor of version 6.6. Besides new features, this is a major update since this version takes advantage of using new Microsoft APIs. So, here’s the news:

• User Mobile Phone number fix: When a user’s Mobile phone number was modified or deleted in the additional details of a user, the changes were not visible instantly. This was caused by the Microsoft interface that the mobile phone number is an Exchange property that needs to be synced in the background. So, changes of that specific property sometimes took minutes or was lost. This has bee fixed in the latest Delegate365 version by using a new Microsoft interface.
  
  Now, any modifications of the user’s Mobile phone number property are visible instantly.
• Office 365 Groups: Delegate365 now can manage Office 365 groups (historically also named Unified groups sometimes) as well. You can find the Office 365 groups management in the groups menu. The module works exactly as the other group types, each Office 365 group is assigned to one OU in Delegate365. Hint: Office 365 Groups fully exist only in Office 365 and are shown as distribution groups in Exchange on premises.
  
  If one Office 365 group is selected, Admins can modify the members and owners, as in the existing group types modules. This allows Delegate365 Administrators to create and manage the new Office 365 Groups easily.
  
  The general box allows to set Display name, the group Alias email address (with the assigned domains), the description, the Privacy level (Public or Private), if copies of group conversations shall be sent and if sender authentication is required or not.
  
  For modifying, click Save changes.
  If a new Office 365 group is created, the Alias is automatically prefilled in an email-safe way (as used in Delegate365).
  
  
  If the email Alias is not available in the Office 365 tenant, the Admin gets a warning…
  
  …and the Alias must be modified to an unique email address as here (project-a2).
  
  The creation of an Office 365 group takes just some seconds. The new Office 365 group is created in Azure Active Directory, a SharePoint site is triggered to been provisioned, the email address is created in Exchange Online and members and permissions are added. So, there’s a lot of things happening in the background, but Admins can continue to work with Delegate365 right after the process.
  Info for Portal Admins: Of course, Office 365 Groups can be (un)assigned manually in administration / organizational units as the other group types…
  
  …and there are rules for automatic OU-assignments in administration / sync / sync rules as well.
  
• Users E-Mail address options: Administrators can manage and add Alias addresses for their users (if permitted). After a user is selected, the EMail address menu opens the email management pane.
  
  In here, the addresses can be modified, added or deleted. There’s a new switch for SMTP addresses: Set as primary defines if the current email shall be the primary one or not.
  
  When the changes are saved, the primary email address is bold and SMTP is in upper case (otherwise in lower case).
  
  Modifications are done in Exchange Online. So, it can take some minutes, till they are active in Exchange.
• Daily notifications for Admins: Admins in Delegate365 can now get daily notifications about their manages users and groups. When clicking the user menu in the top right corner and the Properties, the user properties opens. In the new Notifications box, each Admin can switch Daily Notifications to Yes or No and set the desired email address for the notifications.
  
  This means, that Admins receive a daily email with the numbers of objects managed in Delegate365 and if less than 10% of Office 365 licenses are available (or the licenses limit is exceeded). The email delivers an overview about all managed OU’s and looks as follows: Text in orange means warning, Text in red means limit reached or exceeded.
  
  Each user can define if he wants to get the notification or not. By default this switch is set to No.
  Info for Portal Admins: These settings are the same as in the manage administrators admin properties, so they could be set not just by the Admin himself, but also by Portal Admins for their Admins if needed.
  
  Warning notifications are sent if Office 365 licenses are ordered within Delegate365, or if license limits are exceeded or Delegate365 licenses are exceeded.
• Logging extended: As described in Delegate365-Working with Audit Logs, Delegate365 stores logs on a daily and monthly basis. With version 7, there now is an additional logging to a summarized log with the name AuditLogSearch. Storage in the cloud is expandable as needed, so we thought, it’s easier to work with one single log table instead of working with monthly logs. To simply the reporting in external tools, the Power-BI file works with this single table log.
  
  So, we recommend to use the AuditLogSearch (red box) table for dashboards and reports (so does the Power-BI file) while the monthly logs logYYYYMM (blue box) are to search for specific actions that happened in that month and the last 7 day logs logYYYMMDD (green box) for actions by day (these are deleted automatically if older than 7 days). The following picture shows Microsoft Azure Storage Explorer connected to a Delegate365 log.
  
  See Delegate365-Working with Audit Logs for more info.
  Also, the logging itself has been extended to log all user Exchange properties modifications.
• Upgrade from version 6.4 (if necessary): If your existing Delegate365 version is less than 6.5, it is necessary to re-run the Delegate365 setup once because of required app permissions to read the Office 365 service status shown on the Delegate365 dashboard. We will inform you about the planned update date and the steps to update your Delegate365 app as described in Delegate365 changelog version 6.5 and in Delegate365-(Re)run the setup.

All existing productive Delegate365 tenants will be updated starting mid of October. New Delegate365 trials will automatically be available in the latest version.

We hope you enjoy the new features of Delegate365! More features are about to come this year!

If you want to see the full changelog, please visit our blog.