Nova Reporting uses service accounts to collect data from Office 365 tenants. Service accounts are used to collect data via PowerShell in cases where data can not be collected via GraphAPI.
This article explains how to create a Read-Only Administrator account in Office 365 for use with Nova. It is important that you complete all the steps. Service account can be created via:
·Microsoft 365 Admin Center
Your organization will not be charged by Microsoft for this account as it does not require an Office 365 license.
Creating the service account via the Microsoft 365 Admin Center
NOTE: Multi-Factor Authentication needs to be disabled to create the service account.
You can also create the service account via the Microsoft 365 Admin Center, however you would still need to run a final PowerShell cmdlet to ensure that the password does not expire.
1.On the Admin home page, go to Users > Active users and click on button Add a user.
2.Enter a Display Name e.g. Service Account for Nova Reporting.
3.Enter a User Name e.g. NovaReporting.
4.Ensure that the domain is the company.onmicrosoft.com domain.
5.Select Let me create a password and enter a strong password
6.Ensure Require this user to change their password when they first sign in is NOT ticked.
7.In the Product licenses page, choose Create user without product license.
8.In the Optional settings page, choose Admin center access and select Global reader.
9.Review all of your data and click Finish adding in the last page.
NOTE: If the password of the service account needs to be changed or is expired, it must be changed in Office and in Tenant Management System Client.
If your company policy allows passwords to never expire you can do it via PowerShell:
Set-MsolUser -UserPrincipalName NovaReporting@company.onmicrosoft.com -PasswordNeverExpires $true
Creating the service account using PowerShell
Connecting to Office 365
Before we begin, you need to install the Microsoft Online Service Module onto your machine. See Connecting to Office 365 Using PowerShell how instructions on how to do this.
Now open up Windows PowerShell and Copy & Paste in the following commands to connect to Office 365.
Please enter the username and password of an Office 365 Administrator account when prompted.
$Office365credentials = Get-Credential
Connect-MsolService -Credential $Office365credentials
Creating the service account
Now that you are connected to Office 365 in PowerShell, we can create the Service account.
Modify the line below and set the company.onmicrosoft.com part to match your own Office 365 .onmicrosoft.com domain and replace the password with a secure password of your own. We recommend a password of 10 characters or more that includes a mixture of capital and lower case letters, numbers and special characters.
New-MSolUser -DisplayName "Service Account for Nova Reporting" -UserPrincipalName "NovaReporting@company.onmicrosoft.com" -Password "Password123" -PasswordNeverExpires $true -ForceChangePassword $false
Next we need to add our new account to the Global reader'. You can do this by copying and pasting the following line into the PowerShell window.
Remember to set the company.onmicrosoft.com part to match your Office 365 domain name.
Add-MSOLRoleMember RoleName "Global reader" RoleMemberEmailAddress NovaReporting@company.onmicrosoft.com
Please note that you will not receive any confirmation if the commands are successful. You can check if the service account was set correctly by running PowerShell commands below:
$role = Get-MsolRole -RoleName "Global reader"
Get-MsolRoleMember -RoleObjectId $role.ObjectId
Another great management option for Office 365 is to use PowerShell, a command line interface that connects to Office 365 via the Internet.
Whilst it may seem daunting to people unfamiliar with working on the Command Line, it is simpler than it seems. This blog post will guide you through the basics of connecting to PowerShell.
Set up your computer to use Office 365 PowerShell
Firstly, you need to set up your computer with the necessary PowerShell modules. This only needs to be done once, however you need to have administrative permissions on the computer. Unfortunately, Microsoft has made this part very confusing, as there are multiple versions of the PowerShell module available.
The newest version is known as the Azure AD PowerShell module and is distributed via the PowerShell Gallery. This unfortunately means that you cannot download the module directly. Instead, you will need to use the PowerShellGet module, which might not be available on your system. In this case, you will have to install the module by using one of the methods detailed in this article.
An older version of the module, known as the Windows Azure Active Directory PowerShell or MSOnline module is also available. Like the Azure AD module, it is also being distributed via the PowerShell Gallery, however an MSI installer version can be downloaded from here.
Both the Azure AD and MSOnline modules also have a Preview version, further contributing to the confusion. What is even worse, some functionalities are only available in specific module versions, thus it might be necessary to have multiple versions installed and to use them interchangeably.
Connecting PowerShell to Office 365
Regardless of which version of the module you install, connecting to Office 365 is performed by executing a cmdlet. To connect via the Azure AD module, use:
To connect via the older MSOnline module, use:
You will be prompted for credentials. Enter the full UPN (User principal name) value of your Office 365 administrator account as well as your password. Depending on the settings you have configured, you might be asked to perform additional verification via Azure MFA.
Connecting PowerShell to Exchange Online
To connect PowerShell to Exchange Online, you will need to configure the execution policy to allow execution of signed PowerShell script. You can find detailed steps in this article. You need to perform them only once on each machine you will be connecting fromOnce the execution policy is configured, you need to create a connection to Office 365. You can do this by typing (or copying/pasting) the following into PowerShell.
NOTE: To paste into PowerShell you use Right Click. Here is a video on how to use Copy and Paste in PowerShell.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential (Get-Credential) -Authentication Basic -AllowRedirection
Once this is in the PowerShell window, press Enter to execute the command.
Now you simply type in the username and password for an Administrator account in your Office 365 and click OK. You may see some warnings, but they are part of the process.
You are now authenticated into Office 365 and have a session open. The last step is to fetch all the available cmdlets by using the following PowerShell command:
You should now be connected.
Now you have gone to all the trouble of connecting to PowerShell, you should run a task to prove that it works. Type the following into the PowerShell window and press Enter:
You should now see a list of all the users in your Office 365 account that have mailboxes.
This section will explain the process you will need to follow in order to setup Nova for SharePoint Online reports. The process will take you through granting the existing Nova Reporting service account permissions to read SharePoint data and setting up the Site Collection reports with the Nova application.
Granting access to the Nova Reporting service account
1. Log into the Office 365 portal.
2. In the navigation pane on the left, under Admin centers, select SharePoint. This will take you to the SharePoint admin centers in a new window.
3. In the Admin center, click on Sites and select the Active sites button.
4. An active site need to be selected from the list in order to display the information blade. Once site you would like to add into Nova Reporting is selected, choose Permissions and then Manage.
5. A new blade window will come up with two options. In the search box search for the name of the Nova Reporting service account you used when you initially signed up for Reporting, add the account and click on Save.
NOTE: If when you signed up you chose Automatic Signup' then the service account will be called 'RadarReporting'
6. The permissions should now be applied to the service account.
NOTES: Sometimes issues in the back-end replication can lead to this not always being the case. To confirm that all has been applied correctly on Microsoft's servers, navigate to your site collection's Administrator Management page. The service account should be listed in the box with the other admins.
Adding in your site collection in Nova
NOTE: You must have the Radar Classic or System Administrator roles to complete the following steps.
1.Log into Nova, and go to Settings (the cog icon in the top right corner)
2.From the menu, select Reporting from the Application Settings section
3.Select SharePoint Reports and add add the Site Collection(s) you granted access in steps above. You can do this by either:
a.Entering the SharePoint admin URL for the tenant and clicking Update. This will collect all of the site collections automatically (recommended), or
b.You can add one or multiple Site Collections manually by clicking Add Site Collection, and entering the URLs. Then click Add Site Collections.
4.If the rights are granted correctly the status will change from Pending to Verified after next collection.
After successfully adding your service account, the dashboard will be the first screen you will come across. Here, you will see a variety of reports and widgets already pre-built into Nova, including Active Users by Workload, which shows the amount of users using and not using each Office 365 workload in the previous 30 days.
Dashboards are where you can view your reports immediately; with data being updated every 24 to 48 hours, your dashboard gives you recent results on your Office 365 environment straight away.
Here is an example of a dashboard that shows information about an Office 365 tenant:
See dashboards in action in this video by clicking here.
NOTE: The initial look of your dashboard will depend on your role within Nova.
There are several pre-existing widgets that you can add to your dashboard straight away. To do this:
1.From the dashboard, click Edit, the Add Widgets.
2.Click on the report section you would like to add to the dashboard.
© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité