Before you begin using Nova Reporting, you need to connect your tenant to the platform. This is completed through the on-boarding wizard. The steps to complete this are below.
Step 1: Connecting your tenant
Before proceeding, make sure to read the Microsoft permissions that you will need to accept in point 6 below.
1.Accept the invitation in your email to join the Quadrotech Platform.
2.Check the 'Consent on behalf of your organization' box and click 'Accept'.
3.Go back to your emails, and follow the link to start using the platform.
4.Once you are within Nova, click 'My Organization'. This will direct you to the wizard.
NOTE: The following steps (5 and 6) must be performed by a Global Administrator.
5.Enter your tenant name and click 'Connect tenant'.
6.Click 'Accept'. Nova will then begin to connect your tenant. Click 'Next'.
Step 2: Adding the service account
NOTE: You are required to create a new user in your tenant using either the Admin Center or PowerShell, and enter those details in this step. Refer to the Service Accounts for Reporting section for more information.
1.After you have created your service account credentials, enter the name for the service account. This is an identifier, so make it unique for the service account.
2.Enter the username and password for the service account and click 'Confirm'.
Step 3: Data collection provisioning
1.Select a region for data collection depending on the needs of the environment. Once this has been provisioned, click 'next'.
2.Click 'Open Dashboard', which will navigate you to the Nova dashboard.
How do I know that my Reporting license has been provisioned?
Licensing for your Nova Reporting subscription should be provisioned instantaneously upon on-boarding. To check this.
1.On the top left hand side, click the menu icon, and select TMS Client.
2.Under My Organization, check that the icon under Reporting has is green with a tick, as indicated below:
How do I know the length of my subscription?
You can check the length of your Reporting subscription, including start and end dates, by doing the following:
1.On the top left hand side, click the menu icon, and select TMS Client.
2.Under My Organization, on the right hand side, click the Subscriptions tab.
3.Here, you will find a list of the current subscriptions for each Nova feature.
Why am I being asked to approve new admin consent?
You may see a banner on the Nova dashboard indicating to approve new admin consent for Nova Reporting. This is because new permissions need to be granted consent to allow SharePoint functionalities to work correctly. To grant this new admin consent (using a global administrator account):
1.On the Nova dashboard, in the banner, click New admin consent approval required.
2.Login using a global administrator account.
3.Read and review the permissions.
4.Click Accept. This will take you back to the Nova dashboard.
To be granted access to Nova Reporting, you need to accept Microsoft permissions during the on-boarding process of connecting your tenant. A list of Microsoft permissions for Reporting can be seen here.
Nova Reporting uses service accounts to collect data from Office 365 tenants. Service accounts are used to collect data via PowerShell in cases where data can not be collected via GraphAPI.
This article explains how to create a Read-Only Administrator account in Office 365 for use with Nova. It is important that you complete all the steps. Service account can be created via:
·Microsoft 365 Admin Center
Your organization will not be charged by Microsoft for this account as it does not require an Office 365 license.
Creating the service account via the Microsoft 365 Admin Center
NOTE: Multi-Factor Authentication needs to be disabled to create the service account.
You can also create the service account via the Microsoft 365 Admin Center, however you would still need to run a final PowerShell cmdlet to ensure that the password does not expire.
1.On the Admin home page, go to Users > Active users and click on button Add a user.
2.Enter a Display Name e.g. Service Account for Nova Reporting.
3.Enter a User Name e.g. NovaReporting.
4.Ensure that the domain is the company.onmicrosoft.com domain.
5.Select Let me create a password and enter a strong password
6.Ensure Require this user to change their password when they first sign in is NOT ticked.
7.In the Product licenses page, choose Create user without product license.
8.In the Optional settings page, choose Admin center access and select Global reader.
9.Review all of your data and click Finish adding in the last page.
NOTE: If the password of the service account needs to be changed or is expired, it must be changed in Office and in Tenant Management System Client.
If your company policy allows passwords to never expire you can do it via PowerShell:
Set-MsolUser -UserPrincipalName NovaReporting@company.onmicrosoft.com -PasswordNeverExpires $true
Creating the service account using PowerShell
Connecting to Office 365
Before we begin, you need to install the Microsoft Online Service Module onto your machine. See Connecting to Office 365 Using PowerShell how instructions on how to do this.
Now open up Windows PowerShell and Copy & Paste in the following commands to connect to Office 365.
Please enter the username and password of an Office 365 Administrator account when prompted.
$Office365credentials = Get-Credential
Connect-MsolService -Credential $Office365credentials
Creating the service account
Now that you are connected to Office 365 in PowerShell, we can create the Service account.
Modify the line below and set the company.onmicrosoft.com part to match your own Office 365 .onmicrosoft.com domain and replace the password with a secure password of your own. We recommend a password of 10 characters or more that includes a mixture of capital and lower case letters, numbers and special characters.
New-MSolUser -DisplayName "Service Account for Nova Reporting" -UserPrincipalName "NovaReporting@company.onmicrosoft.com" -Password "Password123" -PasswordNeverExpires $true -ForceChangePassword $false
Next we need to add our new account to the Global reader'. You can do this by copying and pasting the following line into the PowerShell window.
Remember to set the company.onmicrosoft.com part to match your Office 365 domain name.
Add-MSOLRoleMember RoleName "Global reader" RoleMemberEmailAddress NovaReporting@company.onmicrosoft.com
Please note that you will not receive any confirmation if the commands are successful. You can check if the service account was set correctly by running PowerShell commands below:
$role = Get-MsolRole -RoleName "Global reader"
Get-MsolRoleMember -RoleObjectId $role.ObjectId
Another great management option for Office 365 is to use PowerShell, a command line interface that connects to Office 365 via the Internet.
Whilst it may seem daunting to people unfamiliar with working on the Command Line, it is simpler than it seems. This blog post will guide you through the basics of connecting to PowerShell.
Set up your computer to use Office 365 PowerShell
Firstly, you need to set up your computer with the necessary PowerShell modules. This only needs to be done once, however you need to have administrative permissions on the computer. Unfortunately, Microsoft has made this part very confusing, as there are multiple versions of the PowerShell module available.
The newest version is known as the Azure AD PowerShell module and is distributed via the PowerShell Gallery. This unfortunately means that you cannot download the module directly. Instead, you will need to use the PowerShellGet module, which might not be available on your system. In this case, you will have to install the module by using one of the methods detailed in this article.
An older version of the module, known as the Windows Azure Active Directory PowerShell or MSOnline module is also available. Like the Azure AD module, it is also being distributed via the PowerShell Gallery, however an MSI installer version can be downloaded from here.
Both the Azure AD and MSOnline modules also have a Preview version, further contributing to the confusion. What is even worse, some functionalities are only available in specific module versions, thus it might be necessary to have multiple versions installed and to use them interchangeably.
Connecting PowerShell to Office 365
Regardless of which version of the module you install, connecting to Office 365 is performed by executing a cmdlet. To connect via the Azure AD module, use:
To connect via the older MSOnline module, use:
You will be prompted for credentials. Enter the full UPN (User principal name) value of your Office 365 administrator account as well as your password. Depending on the settings you have configured, you might be asked to perform additional verification via Azure MFA.
Connecting PowerShell to Exchange Online
To connect PowerShell to Exchange Online, you will need to configure the execution policy to allow execution of signed PowerShell script. You can find detailed steps in this article. You need to perform them only once on each machine you will be connecting fromOnce the execution policy is configured, you need to create a connection to Office 365. You can do this by typing (or copying/pasting) the following into PowerShell.
NOTE: To paste into PowerShell you use Right Click. Here is a video on how to use Copy and Paste in PowerShell.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential (Get-Credential) -Authentication Basic -AllowRedirection
Once this is in the PowerShell window, press Enter to execute the command.
Now you simply type in the username and password for an Administrator account in your Office 365 and click OK. You may see some warnings, but they are part of the process.
You are now authenticated into Office 365 and have a session open. The last step is to fetch all the available cmdlets by using the following PowerShell command:
You should now be connected.
Now you have gone to all the trouble of connecting to PowerShell, you should run a task to prove that it works. Type the following into the PowerShell window and press Enter:
You should now see a list of all the users in your Office 365 account that have mailboxes.