Enterprise Reporter 3.5.2 - Configuration Manager User Guide

Chat now with support

Node Credential and Alternate Credential Details for On-Premises Discoveries Detailed permissions for Enterprise Reporter discoveries Permissions for Enterprise Reporter discoveries on NAS devices Permissions for Enterprise Reporter tenant applications Logged-In User Credentials Server Service Credentials

Changing the credentials used by the Enterprise Reporter Server Changing the credentials used by the Enterprise Reporter Server in a Kerberos environment

Using the Credential Manager

Changing Passwords Using the Credential Manager Changing Account Names Using the Credential Manager

Setting Up Your First Collection Computers (Nodes)

Configuring Clusters and Nodes for Effective Data Collection Things to Consider Before Creating a Cluster Creating Your First Cluster and Node

Modifying Your Deployment

Managing Clusters

When Do You Add a Cluster? Modifying a Cluster Deleting a Cluster Disabling a Cluster What To Do if a Cluster is Disabled Enabling a Cluster

Managing Nodes

Modifying Node Credentials Modifying the Location of Node Temporary Files Changing a Node to a Different Cluster Removing a Node Why Disable a Node? Stopping a Node Enabling a Node Starting a Node

What does the status of a node or cluster indicate?

Configuring Global Settings

Configuring Change History Configure Logging Credential Manager Database Settings Configuring Email Notifications Registering an Application for Exchange Online Email Delivery

Registering and configuring an application through the Microsoft Azure portal

Managing the Collection of Additional Attributes Configuring IT Security Search Configuring a NAS Host Device Configuring Server Error Notification Managing Tenant Applications Managing Certificates for Tenant Applications Creating Your Own Certificate for Discovery Authentication Managing the Logon Configuration

Customizing the Configuration Manager View

Understanding Discoveries

Defining the Data Collection (Discoveries) Multi-Factor Authentication Discovery Credential Limitations Best Practices for Creating Discoveries Improving the Performance of Your Discoveries

Adding a Node Improving the Performance of a Node

Discovery Permission Requirements

Detailed permissions for Enterprise Reporter discoveries Permissions for Enterprise Reporter discoveries on NAS devices Permissions for Enterprise Reporter tenant applications CM Understanding Discoveries.04.12.html

Creating Discoveries

Step 1. Create the Discovery (Name)

Configuring Tenant Applications for Cloud Discoveries

Step 2. Choose what to include in your discovery (Scopes)

Scopes: An Overview How Scopes Affect Tombstoning Using the Browser to Include and Exclude Scopes Including Objects in Your Scope Importing Computers to Your Scopes Refining Your Scope with Exclusions Filtering in the Browser Using Queries to Define Your Scopes Using Subnets to Define Your Scopes Using Subnet Credentials

Step 2a. Choose scopes for your on-premises discoveries

Choosing your Active Directory Scopes

AD Discovery: Include scopes AD Discovery: Optionally refine your scope list with exclusions AD Discovery: Optionally select one or more domain controllers AD Discovery: Decide what to collect from any domain in the discovery

Choosing your Computer Scopes

Computer Discovery: Include scopes Computer Discovery: Optionally refine your scope list with exclusions Computer Discovery: Decide what to collect from any computer in the discovery

Choosing Your Exchange Scopes

Exchange Discovery: Include Scopes Exchange Discovery: Optionally refine your scope list with exclusions Exchange Discovery: Optionally select a domain controller Exchange Discovery: Decide what to collect from any server in the discovery

Choosing Your File Storage Analysis Scopes

File Storage Analysis Discovery: Include scopes File Storage Analysis Discovery: Optionally refine your scope list with exclusions File Storage Analysis Discovery: Decide what to collect from any server in the discovery File Storage Analysis Discovery: Configure NAS Host Devices

Choosing Your Microsoft SQL Scopes

MS SQL Discovery: Include scopes MS SQL Discovery: Optionally refine your scope list with exclusions (Scope Exclusions and Global Exclusions)

Choosing Your NTFS Scopes

NTFS Discovery: Best Practices NTFS Discovery: Include scopes NTFS Discovery: Optionally refine your scope list with exclusions NTFS Discovery: Select your global scopes NTFS Discovery: Decide what to collect from any computer in the discovery NTFS Discovery: Configure NAS Host Devices NTFS Discovery: Configure your file collection

Choosing Your Registry Scopes

Registry Discovery: Include scopes Registry Discovery: Optionally refine your scope list with exclusions Registry Discovery: Select your global scopes Registry Discovery: Decide what to collect from any computer

Step 2b: Choose scopes for your cloud discoveries

Choosing Your Microsoft Entra ID Scopes

Microsoft Entra ID Discovery: Decide what to collect from the tenant in the discovery

Choosing Your Azure Resource Scopes

Azure Resource Discovery: Include Scopes Azure Resource Discovery: Optionally refine your scope list with exclusions Azure Resource Discovery: Decide what to collect from the subscriptions in the discovery

Choosing Your Exchange Online Scopes

Exchange Online Discovery: Decide what to collect from the tenant in the discovery

Choosing Your Microsoft Teams Scopes

Microsoft Teams Discovery: Include Scopes Microsoft Teams Discovery: Decide what to collect from the subscriptions in the discovery

Choosing Your OneDrive Scopes

OneDrive Discovery: Include Scopes OneDrive Discovery: Optionally refine your scope list with exclusions OneDrive Discovery: Decide what to collect from the drives in the discovery

Choosing Your SharePoint Online Scopes

SharePoint Online Discovery: Include Scopes SharePoint Online Discovery: Optionally refine your scope list with exclusions SharePoint Online Discovery: Decide what to collect from the tenant in the discovery

Step 3. Schedule your Discovery

Run your discovery once Run your discovery on a daily interval Run your discovery on specified days of the week Run your discovery on a specified day of the month Run Your Schedule Yearly Enabling and Disabling Discovery Schedules

Step 4: Review the summary

Managing Discoveries

How is a Discovery Processed?

Types of Tasks Manually Running a Discovery

Viewing your Discoveries

Navigating the Manage Discoveries Pane Viewing the History of a Discovery What Does the Discovery Status Indicate? Viewing the Tasks for a Finished Discovery Viewing the Tasks for a Processing Discovery What Does the Task Status Indicate? Why is My View Empty? Viewing Errors and Error Suppressions Suppressing Discovery Errors Viewing Statistics Viewing a Cluster's Queue

Working with Discoveries and Tasks

Duplicating a Discovery Modifying a Discovery Canceling a Task or Discovery Deleting a Discovery

Troubleshooting Issues with Enterprise Reporter

Problems Opening the Consoles Troubleshooting connectivity issues

Restoring a connection to the Enterprise Reporter Server Restoring a connection to the Enterprise Reporter database

Troubleshooting Connection Timeouts Troubleshooting credential change failures Auditing Enterprise Reporter Activity Resolving Configuration Manager Issues

Node Issues

Node Deployment Issues Dealing with Unassociated Nodes Dealing with Faulted Nodes Problems Deleting a Node Changing the Node Logging Level Changing the Size of the Node Log Files

Scope Enumeration Issues Data Collection Issues

Computer Discovery Errors

Troubleshooting Features in Enterprise Reporter

Exporting Logs from the Configuration Manager Viewing information about your Enterprise Reporter configuration Viewing Errors and Statistics for Tasks

Moving the Enterprise Reporter database Disaster Recovery

Backing up Enterprise Reporter Deploying Enterprise Reporter to another computer after a disaster Checking the Enterprise Reporter configuration after recovery

Appendix: PowerShell cmdlets

What is Microsoft Windows PowerShell? What are cmdlets? Registering Enterprise Reporter cmdlets Adding the snap-ins automatically to new sessions Enterprise Reporter cmdlets Enabling Enterprise Reporter cmdlets Loading the Enterprise Reporter cmdlets Using cmdlets to manage clusters and nodes

Creating a cluster Creating a node Disabling a node Enabling a node Finding a node by name Piping cmdlets Finding a cluster by name Disabling a cluster Enabling a cluster

Using cmdlets to manage discoveries

Getting job information Creating a job Running a job Scheduling a job Deleting a job

Using cmdlets to run reports

Connecting to the server Getting report information Exporting a report definition Importing a report definition to a category Generating a report with data

Appendix: Encryption Key Manager

Starting the Encryption Key Manager Generating a key file Importing a key file Exporting a key file Resetting credentials

Appendix: Log Viewer

Starting the Enterprise Reporter Log Viewer Finding and opening log files Viewing and searching log file entries Filtering log file entries

Managing Tenant Applications

Microsoft Entra applications are used by cloud discoveries. The cloud applications used by Enterprise Reporter must be registered in your Microsoft Entra environment and consent must be provided for the application’s permissions. The owner of each Microsoft Entra application is the person who first configures the application.

The Tenant Application Manager in Enterprise Reporter tracks which tenants are configured and available for discoveries. Basic configuration is available for the Enterprise Reporter applications. Any outside changes to Microsoft Entra applications must be managed separately and can adversely affect the results of your collections.

To open the Tenant Application Manager

•

On the Configuration page, click Manage tenant applications.

- OR -

Click the ellipsis in any cloud discovery Scopes page.

To add a tenant

Click Add.

Enter the name of the tenant where Enterprise Reporter applications will be created.

Click OK.

To delete a tenant

Select the name of the tenant to be deleted.

Click Delete.

Click Yes to confirm that discoveries for any tenant that you delete will be unable to collect data

The tenant and the Enterprise Reporter applications for this tenant are removed.

To edit administrator credentials for the tenant application

Open the Tenant Application Manager.

Click Configure or Reconfigure beside the application.

Complete the Microsoft wizard that guides you through registering the application and consenting to application permissions using credentials with administrative access to create Enterprise Reporter applications on the tenant.

If multi-factor authentication has been configured for this account, you will be prompted to complete the verification steps to complete the authentication process.

Once the consent is complete, the Tenant Application Manager will display a Reconfigure link beside the application.

To configure applications for a tenant

Open the Tenant Application Manager.

Click Configure beside the application.

If multi-factor authentication has been configured for this account, you will be prompted to complete the verification steps to complete the authentication process.

Once the consent is complete, the Tenant Application Manager will display a Reconfigure link beside the application.


	NOTE: For more information, see Permissions for Enterprise Reporter tenant applications .

To reconfigure application for a tenant

Open the Tenant Application Manager.

Click Reconfigure beside the application.

If multi-factor authentication has been configured for this account, you will be prompted to complete the verification steps to complete the authentication process.

Once the consent is complete, the Tenant Application Manager will display a Reconfigure link beside the application.


	NOTE: For more information, see Permissions for Enterprise Reporter tenant applications .

Managing Certificates for Tenant Applications

Enterprise Reporter applications are used for Microsoft Teams and Exchange Online cloud discoveries. In addition to the application being registered in your Microsoft Entra environment and consent provided for application permissions, a certificate must be registered with Enterprise Reporter and associated with the related tenant application.

The Exchange Online discovery uses certificate authentication for the entire collection and a certificate is required. The Microsoft Teams discovery uses certificate authentication for only the collection of MS Teams settings and policies. If a certificate is not registered, these attributes will not be collected.

To create a self signed certificate

Open the Tenant Application Manager.

Click Register under the Certificate column beside the application.

The Certificate Manager opens.

Select Create Certificate.

Specify the expiry date for the certificate.

Enter and confirm the password and click OK.

You can optionally select to assign a friendly name for the certificate.

NOTE:

•

This is not part of the certificate itself, but is a value assigned to the certificate within Enterprise Reporter.

•

Since a certificate can only be installed once per computer, you can't have multiple friendly names. Changing the friendly name will affect all applications using that certificate.

Click Accept.

This will upload the PFX file to Enterprise Reporter and extract and upload the certificate to the specified Azure application.

You will be prompted to login to the appropriate tenant.

Once this process completes, you will receive notification of the success upload.

Click OK to close the dialog.

To register a certificate

Open the Tenant Application Manager.

Click Register under the Certificate column beside the application.

The Certificate Manager opens.

Select Import Certificate.

Browse to the certificate.pfx file and enter the required password.

Click Verify to ensure the information is correct and the review the certificate properties.

Click OK.

The Certificate Manager dialog will now include the certificate details.

You can optionally select to assign a friendly name for the certificate.

NOTE:

•

This is not part of the certificate itself, but is a value assigned to the certificate within Enterprise Reporter.

•

Since a certificate can only be installed once per computer, you can't have multiple friendly names. Changing the friendly name will affect all applications using that certificate.

Click Accept.

This will upload the PFX file to Enterprise Reporter and extract and upload the certificate to the specified Azure application.

You will be prompted to login to the appropriate tenant.

Once this process completes, you will receive notification of the success upload.

Click OK to close the dialog.

To use an existing certificate registered with Enterprise Reporter

Open the Tenant Application Manager.

Click Register under the Certificate column beside the application.

The Certificate Manager opens.

Choose Select Certificate.

Select the required certificate and enter the password.

Click Verify to ensure the information is correct and the review the certificate properties.

Click OK.

The Certificate Manager dialog will now include the certificate details.

You can optionally select to assign a friendly name for the certificate.

NOTE:

•

This is not part of the certificate itself, but is a value assigned to the certificate within Enterprise Reporter.

•

Since a certificate can only be installed once per computer, you can't have multiple friendly names. Changing the friendly name will affect all applications using that certificate.

Click Accept.

This will upload the PFX file to Enterprise Reporter and extract and upload the certificate to the specified Azure application.

You will be prompted to login to the appropriate tenant.

Once this process completes, you will receive notification of the success upload.

Click OK to close the dialog.

Creating Your Own Certificate for Discovery Authentication

Due to enhanced security measures, basic authentication is no longer supported for the Exchange Online discovery. The Exchange Online collection uses the Exchange Online PowerShell module and requires a self-signed certificate for app-only authentication. This certificate is used to securely authenticate scripts and automate tasks without storing user credentials locally.

For the Microsoft Teams discovery, credential authentication is still in use for the main collection of mailboxes and public folders. Certificate authentication is used for the collection of MS Teams settings and policies.

The following is an example of using a PowerShell command to generate a self-signed certificate with required parameters for Exchange Online and export the .PFX file. For a certificate to be valid, it must contain a private key that is marked as exportable and must support client and server authentication.

$cert = New-SelfSignedCertificate -DnsName "yourdomain.com" -CertStoreLocation "Cert:\LocalMachine\My" -KeyAlgorithm "RSA" -KeyLength 2048 -NotAfter (Get-Date).AddYears(1)

$thumbprint = $cert.Thumbprint

Export-PfxCertificate -cert "cert:\LocalMachine\My\$($thumbprint)" -FilePath ".\mycert.pfx" -password $password

Using Enterprise Reporter and selecting Import Certificate allows you to provide the path to your X509 certificate (pfx) and Enterprise Reporter to export the public key (.cer) and associate the certificate with the related tenant application. Enterprise Reporter ensures to securely store the certificate thumbprint and securely transports the thumbprint to nodes for authentication during the collection. See To register a certificate for details.

Managing the Logon Configuration

Enterprise Reporter can be configured to bypass the login screen. This eliminates the need to enter the server and port information.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Enterprise Reporter 3.5.2 - Configuration Manager User Guide

Managing Tenant Applications

Managing Certificates for Tenant Applications

Creating Your Own Certificate for Discovery Authentication

Managing the Logon Configuration