Chatta subito con l'assistenza
Chat con il supporto

Enterprise Reporter 3.5.1 - Configuration Manager User Guide

Product Overview Configuring the Configuration Manager
Starting the Configuration Manager Finding answers and getting help Overview of Enterprise Reporter Communications and Credentials Required Using the Credential Manager Setting Up Your First Collection Computers (Nodes) Modifying Your Deployment Configuring Global Settings Customizing the Configuration Manager View
Understanding Discoveries Creating Discoveries
Step 1. Create the Discovery (Name) Step 2. Choose what to include in your discovery (Scopes) Step 2a. Choose scopes for your on-premises discoveries
Choosing your Active Directory Scopes Choosing your Computer Scopes Choosing Your Exchange Scopes Choosing Your File Storage Analysis Scopes Choosing Your Microsoft SQL Scopes Choosing Your NTFS Scopes Choosing Your Registry Scopes
Step 2b: Choose scopes for your cloud discoveries Step 3. Schedule your Discovery Step 4: Review the summary
Managing Discoveries Troubleshooting Issues with Enterprise Reporter Appendix: PowerShell cmdlets Appendix: Encryption Key Manager Appendix: Log Viewer

Configuring Email Notifications

Enterprise Reporter can be configured to send email notifications that indicate when nodes and discoveries change state and may need administrator intervention. There are two methods available for sending email notifications:

After you configure the email service type (SMTP or Exchange Online), you can configure address information such as sender and recipients, and notification options, such as whether to send notifications for node state changes, discovery state changes, or both. You can also select whether to include all discovery state changes or just the failures.

See the following sections for the steps to configure email notifications:

1
On the Configuration page, click Manage email notifications.
2
Application (client) ID: The application (client) ID for the Azure Active Directory application created for Enterprise Reporter email notifications.
Directory (tenant) ID: The directory (tenant) ID for the Azure Active Directory application created for Enterprise Reporter email notifications.
Certificate Thumbprint: The certificate thumbprint for the certificate that was uploaded to the registered app.
Cloud instance: Select the type of cloud instance to use for notifications - Azure Cloud (default), US Government Cloud L4, or US Government Cloud L5 (DoD).
3
Click View address format errors and fix any errors.
1
Select Send notifications on node state changes.
Select Send notifications on discovery state changes.
2
If you selected Send notifications on discovery state changes:
Select Send all to send email notifications for every discovery state change.
Select Send only failures to send email notifications only for only discovery state changes that are failures.

Registering an Application for Exchange Online Email Delivery

To send email using Microsoft 365 Exchange Online (for OAuth2 authentication), you must register an application for Enterprise Reporter with Azure Active Directory. During the registration process in the Azure portal, you must configure different variables that will be used when you set up Exchange Online for email delivery in the Configuration Manager and Report Manager.

To register Enterprise Reporter with Azure Active Directory and use Exchange Online accounts to send email, the following prerequisites must be met:

Topics:

You will require a certificate when registering an app for Enterprise Reporter in the Azure Active Directory. You can use a certificate from a Registration Authority or you can use a self-signed certificate. If you do not have a certificate from a Registration Authority, you can use the following Powershell cmdlets to create a self signed certificate.

It is useful to generate your self-signed certificate on the computer on which the Enterprise Reporter server service (Configuration Manager) is installed since that reduces the number of steps you must perform.

For information on the New-SelfSignedCertificate cmdlets, see https://learn.microsoft.com/en-us/powershell/module/pki/new- selfsignedcertificate?view=windowsserver2022-ps.

Before you create the certificate, the Powershell PKI module must be installed.

Use the following Powershell cmdlets to create a self-signed certificate that will be used when you register the application for Exchange Online. Run these cmdlets on the computer that contains the Enterprise Reporter server service.

NOTE: For the -dnsname you enter the name of the computer that hosts Enterprise Reporter server service (Configuration Manager) and C:\exchange online\ is a folder location on that computer.

If you have run the PowerShell cmdlets on the system that hosts the Enterprise Reporter server service (Configuration Manager), do the following steps:

2
Select Certificates and click Add.
3
In the Certificate snap-in window, select Computer account and click Next,
4
Select Local computer and click OK.
5
Expand Certificate | Personal | Certificate. Ensure that the newly created certificate is listed.
8
Select No, do not export the private key and select Next.
9
In the Export File Format page, select DER encoded binary X.509 (.CER) as the format, unless you require a different format, and click Next.

Use the following procedure to install a certificate if you have one available. Do this on the computer on which the Enterprise Reporter server service (Configuration Manager) is installed.

2
Select Certificates and click Add.
3
Open the Certificate Import Wizard.
4
Select Local machine for Store location and click Next.
5
Select Place all certificates in the following store, click Browse.
6
Select the Personal store and click Next.

After the certificate is imported to the store, obtain and save the certificate thumbprint. The certificate thumbprint will be needed when you are setting up OAuth authentication.

Registering and configuring an application through Azure Active Directory

Once you have the certificate, you can register an app for Enterprise Reporter to be used for mail delivery through Exchange Online.

You use the following process to register and configure the application through the Microsoft Azure portal:

2
3
In the left navigation pane, scroll down and click App registrations | New registration.
Supported account types: Select Accounts in this organizational directory only (tenant name only - Single tenant) for the accounts that can access the application API.
5
Click Register.
IMPORTANT: It is highly recommended that the application does not have access to all mailboxes. For information about how to limit the application access to mailboxes see the Microsoft article Limiting application permissions to specific Exchange Online mailboxes at https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access.
2
Click Add a permission, click Microsoft Graph, and click Application Permissions.
4
Add Mail.ReadWrite and Mail.Send permissions.
5
Click Add Permissions.
6
7
Click Yes to confirm.
8
On the Overview page (top left) you can find Application (client) ID and the Directory (tenant) ID. Copy these values as you will need them when you set up Exchange Online for OAuth authentication in Enterprise Reporter.
9
Return to Home (top left) and select Azure Active Directory which displays the tenant overview page.
10
In the left navigation pane, click Roles and administrators and browse through the roles to find Exchange Administrator (or enter Exchange Administrator in the search window).
11
Click the Exchange Administrator role and click Add Assignments.
13
When the application appears, select Add at the bottom on the right side.
14
Click Home and select Azure Active Directory to display the tenant Overview page.
15
Select App registrations and either browse to your new app or enter the name the application in the search window.

Your Azure Active Directory application requires a certificate for authentication.

1
2
Select Certificates and select Upload Certificate.
5
Click Add at the bottom of the screen. Notice the certificate information is displayed including the thumbprint.

The application configuration is complete. Ensure that you record the Application (client) ID and Directory (tenant) ID and the certificate thumbprint as they are required to configure the connection in Enterprise Reporter email settings.

Also, take note of when the certificate will expire so it can be replaced or renewed. Email using Exchange Online will stop flowing once the certificate has expired.

Managing the Collection of Additional Attributes

Enterprise Reporter collects a defined set of attributes for each object in a discovery. The attributes collected vary depending on the type of discovery, the object, and the version of Enterprise Reporter you are using. You can add and remove attributes collected by Active Directory and computer discoveries. You can extend:

Attributes that you extended in previous versions of Enterprise Reporter can become default attributes in newer versions. In this case, the extended attribute is preserved to ensure that your reports continue to work, but only the default attribute is available for new reports.

When you add or remove attributes for a discovery type, Enterprise Reporter has to process them. This can take some time, during which any running discoveries of the type you extended may fail. You should perform the extension only after ensuring that no discoveries of that type are running or scheduled to run. Additionally, any attributes that are no longer being collected should be removed from any reports in which they were included.

2
Click Configuration.
3
Click Manage attributes.
4
Click Yes in the warning dialog box.
7
Click Get Schema.
10
Click Apply.
11
Click Close.
2
Click Configuration.
3
Click Manage attributes.
4
Click Yes in the warning dialog box.
6
Click Add.
9
Click Add.
2
Click Configuration.
3
Click Manage attributes.
4
Click Yes in the warning dialog box.
7
Click Apply.
2
Click Configuration.
3
Click Manage attributes.
4
Click Yes in the warning dialog box.
If your logged-in user does not have access to a domain in the forest whose schema you want to enumerate, right-click in the dialog box and choose Connect as user. Use the Credential Manager to select or create a user with the required credentials and click OK.
9
Click Get Schema.
12
Click Apply.
13
Click Close.
NOTE: The Multiple Tasks option is not available when collecting Active Roles attributes.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione