Identify when jobs are not running
As a Nova administrator, it is important to quickly identify when jobs within your tenant are not running and troubleshoot these issues.
Jobs are color-coded accordingly:
·Jobs that have not been running for 0-3 days are not color-coded.
·Jobs that have not been running for 3-6 days are YELLOW.
·Jobs that have not been running for 6+ days are RED.
Here is how it looks:
What are the roles within Nova?
Users of the Nova application can be assigned one or more roles. Each role provides functionality in the Nova application itself. Roles can be combined. The following is a list of the roles, and what they give access to:
Account Administrator
This gives access to be able to create and manage policies in Delegation and Policy Control. In addition, audit logs can be viewed to see how the policies have been used by delegated administrators. There are several other administrative functions which are shown in this screenshot:
Auth Policy Admin
This gives users the ability just to manage authorization policies within Nova. The option to get into Authorization Policies will be enabled in the Manage Administration menu.
Auth Policy administrators also have the ability to delegate certain subsets of custom PowerShell commands to selected users, which can be organized in an organization unit hierarchy. It is advised that Auth Policy Admins create dedicated organizational units exclusively for PowerShell scripts.
Autopilot Classic
This role is most appropriate to assign to a delegated administrator. This gives access to be able to perform allowed actions against users, mailboxes, groups, contacts and Microsoft Teams. What the user will be able to do is governed by the policies which are applied to them and were configured by someone with at least the Account Administrator role.
Config Policy Admin
This gives users the ability just to manage configuration policies within Nova. The option to get into Configuration Policies will be enabled in the Manage Administration menu.
IT Administrators
This gives a user the ability to use Nova, but restricts them from changing the configuration or security of Nova itself.
License Admin
This gives people the ability to create and maintain License Policies. The option will be available on the Manage Administration menu.
Organizational Unit Admin
This gives users the ability to maintain virtual organizational units. The Tenants option will be available on the Manage Administration menu.
Radar Classic
This gives access to reporting data, and the Report Center.
System Administrator
This role gives access to the Tenant Management System, and does not give any direct access to the Nova application (unless it is combined with other roles).
Why do some Nova roles have Classic' suffixes?
Two parts of Nova have existed in different systems and different formats before Nova. Nova has users which are now using Nova that used to use those systems, so these roles are named as shown on this page so that those customers understand what functionality, broadly speaking, they'll be getting with those roles. These two are:
·Radar Classic: This gives users the same functionality as they would have had in our Radar product.
·Autopilot Classic: This gives users the same functionality as they would have had in our Autopilot product.
Examples of combining roles
If a user needs to be able to create authorization policies, and perform actions on customer tenants (such as password resets, maintaining groups, adding Microsoft Teams etc.), then they should be assigned these roles:
·Account Administrator
·Autopilot Classic
If someone needs to be able to access reporting data, and perform actions on customer tenants (such as password resets, maintaining groups, adding Microsoft Teams, and so on) then they should be assigned these roles:
·Autopilot Classic
·Radar Classic
Granting Account Administrator
The following should be considered when assigning roles
·The Account Administrator roles does not work on it is own. It needs to be combined with the Autopilot Classic role.
Settings
Service accounts for Nova
Overview
Nova is a modular solution. There are two types of service accounts that have different requirements for the process to run smoothly, and it is recommended that each module has a separate service account.
Details
To easily spot that an account is used by Nova, the service account should be named the same way.
We recommend that you should use the name of product followed by module NovaDPC.
NovaDPC
This is for a service account for the Management (DPC Delegation & Policy Control) module to manage tenant data.
Details with requirements for this service account are detailed in this section.
Note
The service account names featured here are just recommendations. If a customer has a different naming policy, they should follow that policy instead.
Examples
NovaReporting@myTenant.myTopDomain
NovaDPC@myTenant.myTopDomain