Chat now with support
Chat with Support

Unified Communications Analytics 8.6 - Deployment Guide

Prerequisites for your installation Installing UC Analytics Configuring UC Analytics Adding data sources for Active Directory or Azure Active Directory Adding data sources, chargeback costs, and thresholds for Exchange and Exchange Online
Permissions needed to collect Exchange on-premises or hybrid data Permissions needed to collect from native Exchange Online Creating an Exchange Configuration data source Creating an Exchange Tracking Logs data source Creating an Exchange Mailbox Contents data source Do I need both Exchange Tracking Logs and Exchange Mailbox Contents collections? Creating an Exchange IIS Logs data source Creating an Exchange Mailbox Content Summary data source Creating an Exchange Calendar data source Creating an Exchange Public Folders data source Adding Exchange Online hybrid data sources for hybrid Office 365 Adding Exchange Online data sources for native Office 365 Setting chargeback costs for Exchange Setting thresholds for Exchange metrics Omitting words when filtering by subject or body
Adding data sources, chargeback costs, and thresholds for Skype for Business/Lync Adding data sources, chargeback, and thresholds for Cisco Managing which insights can seen by users Configuring and managing subscriptions Making changes to your deployment Appendix A:Configuring Impersonation Appendix B:Configuring the Skype for Business or Lync Server Appendix C:Configuring IIS Log Files to capture ActiveSync or OWA events Appendix D:PowerShell cmdlets used by data sources Appendix E:Custom configurations and backup and recovery options Appendix F: Questions and answers about configuration

Classifying domains for message traffic

You also can assign classifications to domains that determine how messages to and from the domains are classified in the insights. For example, using the Classification page you could specify that gmail.com should be classified as a “Personal” domain. For email where the sender or the receiver is in the specified domain, the messages are tagged with the associated classification.

You can assign domains to the following categories:

2
Click Classifications and click Domain Classifications.
3
Click Add domain classifications.

Setting time zone usage for all users

By default, UC Analytics uses the time zone set in each user profile when displaying data in the insights. Typically, the default is the time zone set for the computer operating system though, in the user profile, a user can set an individual time zone.

In the Queries tile under Admin Settings, you can specify a time zone setting that is used globally for all users. If a specific UTC time zone is set globally for all users, the individual time zone setting for each user profile is disabled.

2
Click Queries.
3
Under Time Zone, select For all users and select one of the following options.

To avoid fluctuations in historical data in insights that show continuous data such as Email Activity and Email Details, after daylight saving time starts or ends, you can set the time zone without daylight saving time adjustment.

For example, while daylight saving time is in effect, the Email Activity insight shows daily counts for midnight to midnight, daylight saving time. When daylight saving time ends, the Email Activity insight shows daily counts for midnight to midnight, standard time. If you set the time zone without the daylight saving time adjustment, the data will be presented using the same standard time midnight day boundaries, regardless of whether daylight saving time is currently in effect or not.

For large organizations that have users that span several time zones, you could use the specific time zone setting to force all user data to be displayed using the same time zone. For example, to keep data consistent, you could set the time zone to UTC +0. This will also turn off daylight saving time adjustment and result in data presented with the same midnight day boundaries for every user.

Granting full access to Admin Settings

In the Security settings, under the Access to Tenant Configuration heading, you can add a user to grant the account full access to the Admin Settings that are used to configure UC Analytics. This user is a product administrator. However, this option only grants access to the Admin Settings used to configure UC Analytics and does not grant access to the collected data.

For product administrator to have access to the collected data in insights, both aggregate and unrestricted, you must also grant the account access for each type of data. For information see Granting users access to data .

2
Click Security.
4
Leave the Grant access to all users in all target environments check box empty.
7
Click Add. and click Save.

If you have a multiple tenant implementation, you might want to create a tenant administrator who would only have access to the configuration settings for a specific environment (tenant).

2
Click Security.
4
Leave the Grant access to all users in all target environments check box empty.
7
Click Add.and click Save.

Granting users access to data

The Security settings allow you to grant users access to data that is displayed in the insights. You can grant access (aggregate or unrestricted) to the different types of collected data such as:

You can grant access to all users in all target environments or grant access to specific users in a specific target environment.

If you have configured additional forests or an Office 365 target environment (for a native Office 365 deployment), when you click Add Users to grant access to a specific type of data, you must select the target environment (an Active Directory forest or an Office 365 site) for the users.

For the users who are being granted access:

2
Click Security.
3
To grant access to a specific type of data, click Add Users in the section for that type of data.
5
If you want to grant access to all users, select the Grant access to all users in all target environments check box.
6
Click Add.
7
Click Save.

Unlike a product administrator who has access to the configuration settings for all environments (tenants), a tenant administrator can only configure settings for a specific environment.

Workaround

You can add the user by entering the user SAM account name.

Security settings allow you to grant users access to specific types of collected data. The types of data are grouped into separate categories which reflect the insights in which the data is shown.

By default, all aggregate access is granted to everyone for all types of data. For information about the difference between aggregate and unrestricted access to data, see Differences between aggregate and unrestricted access .

TIP: If you do not have access to a certain insight (appears dimmed in the insight library) and you want to know what type of access is required to see the insight, click the Launch Default button for the insight. A message is displayed that indicates what type of data access is required to view data in the insight.

For cross-platform data, you can grant the following access to the aggregated and unrestricted data:

Aggregate

Summary (aggregate) information about the collected messages from Exchange and about the Skype for Business/Lync peer-to-peer sessions and conferences.

This access does not include details about individual messages or about individual sessions and conferences.

Unrestricted

Unrestricted access to the details of all the messages that everyone has sent or received in all the targeted mailboxes, and details about all the sessions and conferences in which the targeted users participated.

It is recommended that this access be granted only to select personnel.

For Exchange mail client connectivity data, you can grant users access to information about how users are connecting to Exchange using ActiveSync and OWA. You can set aggregate or unrestricted access.

Aggregate

Summary information about ActiveSync and OWA activity such as shown in the ActiveSync - Server Activity, ActiveSync - User Activity, Outlook on the Web (OWA) - Activity. or Outlook on the Web (OWA) vs. ActiveSync Unique Usage insights.

Unrestricted

Unrestricted grants access to detailed information about ActiveSync and OWA activity, such as shown in the Outlook on the Web (OWA) - Logon Details and the ActiveSync - Event Details insights.

It is recommended that this access be granted only to select personnel.

The Exchange Mail Client Connectivity security setting is used to grant access to all OWA insights and to ActiveSync insights that show ActiveSync event activity. These insights are as follows:

Not all ActiveSync insights are affected by the Exchange Mail Client Connectivity security settings. Security for some ActiveSync insights is set using the Exchange Message Data settings. For example, access to insights that show ActiveSync inventory or message data is granted using the Exchange Message Data settings. These insights are as follows:

For Exchange messaging, public folder, and calendar data, you can allow users to see only aggregated information or also the detailed data about the messages and other Exchange data.

Aggregate

Summary (aggregate) information about the collected messages and public folder statistics. This access does not include details about individual messages or information that is considered “private”.

Unrestricted

Unrestricted access to the details of all messages sent or received in targeted mailboxes. Also includes the details for individual meetings that are scheduled in Outlook (Exchange meetings).

It is recommended that this access be granted only to select personnel.

For Exchange DLP policy rule match data, you can provide separate access for users:

Unrestricted

Unrestricted access to all the individual DLP policy rule matches.

It is recommended that this access be granted only to select personnel.

For Cisco usage data, you can provide separate access to users:

Aggregate

Summary (aggregate) information about Cisco usage data. This access does not include details about individual peer-to-peer sessions and conferences.

Unrestricted

Unrestricted access to all the detailed Cisco information for the individual peer-to-peer sessions and conferences.

It is recommended that this access be granted only to select personnel.

For Skype for Business/Lync configuration and Skype for Business/Lync session, enterprise voice, and conference data, there are different types of access that can be granted to users:

Aggregate

Summary (aggregate) information about Skype for Business/Lync sessions and conferences. This security access does not include details about individual sessions and conferences.

Unrestricted

Unrestricted access to the details of all the Skype for Business/Lync sessions and conferences in the data collected from the CDR database.

It is recommended that this access be granted only to select personnel.

For Skype for Business/Lync Quality of Experience (QoE) data, you can provide separate access to users:

Aggregate

Summary (aggregate) information about Skype for Business/Lync QoE data. This access does not include details about individual calls, sessions, and conferences.

Unrestricted

Unrestricted access to all the detailed QoE information for the individual calls, sessions, and conferences.

It is recommended that this access be granted only to select personnel.

If you have aggregate access to data, you can view “public” information in insights. Public information is information that does not specifically identify both individuals in a messaging transaction or does not include “private” information such as message subject, file attachment name, or message ID. If you are collecting message body information, the message body is also considered private.

Other information is considered “sensitive” and may be available for aggregate access depending on the filters you have set in the insight. Sensitive information can include information such as: file attachment extensions, subject keywords, participants, send and received time of day, and importance.

Though you can view sensitive information with aggregate access, sensitive information is not available for specific individuals unless you have unrestricted access. Generally, with aggregate access, you can view insights that contain one sensitive item but not two or more sensitive items.

For example, if you have aggregate access to data, you can view insights that contain information to answer questions such as:

However, you cannot view an insight that shows private information that answers questions such as:

To see detailed and private information in insights, you must have a security access of Unrestricted for the type of data reported in the insight.

For information about hiding certain insights from users, or only showing certain insights to some users, see Setting insight visibility settings .

Related Documents