サポートと今すぐチャット
サポートとのチャット

Enterprise Reporter 3.5.1 - Configuration Manager User Guide

Product Overview Configuring the Configuration Manager
Starting the Configuration Manager Finding answers and getting help Overview of Enterprise Reporter Communications and Credentials Required Using the Credential Manager Setting Up Your First Collection Computers (Nodes) Modifying Your Deployment Configuring Global Settings Customizing the Configuration Manager View
Understanding Discoveries Creating Discoveries
Step 1. Create the Discovery (Name) Step 2. Choose what to include in your discovery (Scopes) Step 2a. Choose scopes for your on-premises discoveries
Choosing your Active Directory Scopes Choosing your Computer Scopes Choosing Your Exchange Scopes Choosing Your File Storage Analysis Scopes Choosing Your Microsoft SQL Scopes Choosing Your NTFS Scopes Choosing Your Registry Scopes
Step 2b: Choose scopes for your cloud discoveries Step 3. Schedule your Discovery Step 4: Review the summary
Managing Discoveries Troubleshooting Issues with Enterprise Reporter Appendix: PowerShell cmdlets Appendix: Encryption Key Manager Appendix: Log Viewer

Permissions for Enterprise Reporter tenant applications

Enterprise Reporter requires Azure applications for the collection of Azure and Microsoft 365 objects and attributes. These applications must be registered in the Azure portal and consent must be granted for delegated permissions. To manage tenant applications used by Enterprise Reporter, you use the Configuration | Application Tenant Management option.

For the Azure Active Directory discovery, the Exchange Online discovery, and the collection of nested group members for the OneDrive, Exchange Online, and Azure Resource discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Enterprise Reporter Azure discovery application, the following permissions are required:

 

Microsoft Graph

User.ReadBasic.All

Read all users' basic profiles

Delegated

Microsoft Graph

Directory.AccessAsUser.All

Access directory as the signed in user

Delegated

Microsoft Graph

Directory.Read.All

Read directory data

Delegated

Microsoft Graph

Group.Read.All

Read all groups

 

Microsoft Graph

IdentityRiskyUser.Read.All

Read identity risky user information

Delegated

Microsoft Graph

SecurityEvents.Read.All

Read your organization's security events

Delegated

Microsoft Graph

User.Read.All

Read all users' full profiles

Delegated

Microsoft Graph

Reports.Read.All

Read all usage reports

Delegated

Microsoft Graph

UserAuthenticationMethod.Read.All

Read all users' authentication methods

Delegated

If you want to collect details about Microsoft 365 user activity, such as which licenses are assigned to a user and dates when a user last used a licensed service, the following delegated permission is required:

Also, you must clear the Microsoft default setting that anonymizes the user-level data. To include user activity data in the Enterprise Reporter reports, do the following steps:

2
Navigate to Settings | Org Settings | Services.
3
Select Reports.
4
Clear the Display concealed user, group, and site names in all reports check box.

For more information, see https://learn.microsoft.com/en-US/microsoft-365/troubleshoot/miscellaneous/reports-show-anonymous-user-name

For the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter OneDrive Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter OneDrive Discovery application, the following permissions are required:

 

Microsoft Graph

Directory.Read.All

Read directory data

Delegated

Microsoft Graph

Files.Read.All

Read all files that user can access

Delegated

Microsoft Graph

Sites.FullControl.All

Have full control of all site collections

Delegated

Microsoft Graph

Directory.AccessAsUser.All

Access directory as the signed in user

Delegated

Office 365 SharePoint Online

MyFiles.Read

Read user files

Delegated

For the Azure Resource discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Resource Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Enterprise Reporter Azure Resource discovery application, the following permissions are required:

 

Microsoft Graph

User.ReadBasic.All

Read all users' basic profiles

Delegated

Microsoft Graph

Directory.AccessAsUser.All

Access directory as the signed in user

Delegated

Windows Azure Service Management API

user_impersonation

Access Azure Service Management as organization users

Delegated

For the Microsoft Teams discovery, an application with a name that begins with “Quest Enterprise Reporter Microsoft Teams Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Microsoft Teams Discovery application, the following permissions are required:

 

Microsoft Graph

Directory.Read.All

Read directory data

Delegated

Microsoft Graph

User.ReadBasic.All

Read all users' basic profiles

Delegated

Microsoft Graph

Files.Read

Read user files

Delegated

Microsoft Graph

Sites.FullControl.All

Have full control of all site collections

Delegated

Microsoft Graph

Directory.AccessAsUser.All

Access directory as the signed in user

Delegated

Microsoft Graph

Group.Read.All

Read all groups

Delegated

Office 365 SharePoint Online

MyFiles.Read

Read user files

Delegated

For the SharePoint Online discovery, an application with a name that begins with “Quest Enterprise Reporter SharePoint Online Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter SharePoint Online Discovery application, the following permissions are required:

 

Microsoft Graph

Directory.Read.All

Read directory data

Delegated

Microsoft Graph

Sites.FullControl.All

Have full control of all site collections

Delegated

CM Understanding Discoveries.04.12.html

Creating Discoveries

There are several steps for creating a discovery. A wizard guides you through the process, which varies slightly depending on the type of discovery.

Step 1. Create the Discovery (Name)

When you are creating a discovery, it is important to consider which cluster is running a discovery. A discovery can only belong to one cluster. When you run the discovery, the collection is performed by the nodes in the cluster.

By default, for on-premises collections, the credentials used to access the targets and read the data are those that were provided when creating the node. If required, you can specify alternate credentials during the creation of your on-premises discovery. For more information, see Node Credential and Alternate Credential Details for On-Premises Discoveries .

Before you specify the credentials for a cloud discovery (Azure Active Directory, Azure Resource, Exchange Online, Microsoft Teams, OneDrive, and SharePoint Online), you must register and configure the application used by Enterprise Reporter in your Azure environment. You can complete this process using the Configuration | Tenant Application Management option in the main menu before you create discoveries.

If the Enterprise Reporter cloud applications are not yet registered and configured in your Azure environment, the Name page of the discovery displays a warning message above the Azure Tenant name. For more information, see Configuring Tenant Applications for Cloud Discoveries .

If you have already configured the required tenant application and it indicates the option to Reconfigure, nothing further is necessary.

Select an existing discovery on the Manage Discoveries pane and click Duplicate to create an exact copy. Click OK to confirm that you want to duplicate the selected discoveries and edit the copy to meet your needs. For more information, see Modifying a Discovery .
a
For on-premises discoveries select Use default node credentials to target computers that the logged-in user can access.
6
Click Add to use the Credential Manager and select (or Add) an Microsoft 365 administrator account within the target tenant and click OK. For more information, see Using the Credential Manager .
If any warnings or messages are displayed, review them and click OK to continue. Optionally, click Remove to delete an invalid or unwanted account.
9
Click Next to continue to the Scopes page.
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択