Agents Administration - Tests
 

Default Parameters for SPOFolderActTest

This test tracks the folder operations that users perform on SharePoint Online and reports the total count of operations of each type. The load imposed by folder operations and the type of operations contributing to this load can thus be determined. Additionally, the count of unique users who performed the various folder operations is reported, with detailed diagnostics pointing administrators to the precise users and the operations they performed. This helps administrators identify users who may have performed an unauthorized operation. The unique clients from which the users initiated the folder operations and the unique sites where the folders are stored are provided as part of detailed diagnostics, enabling administrators to audit the operations efficiently.

This page depicts the default parameters that need to be configured for the SPOFolderActTest test.

  • The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

  • For execution, this test requires the privileges of an O365 user who has been assigned the Service support admin and SharePoint admin roles and is vested with the View-Only Audit Logs permissions. Configure the credentials of such a user against O365 USER NAME and O365 PASSWORD text boxes. Confirm the password by retyping it in the CONFIRM PASSWORD text box.

    While you can use the credentials of any existing O365 user with the aforesaid privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and use the credentials of that user here. To know how to create a new user using the Office 365 portal and assign the required privileges to that user, refer to the Creating a New User in the Office 365 Portal topic under the Pre-requisites for Monitoring Microsoft SharePoint Online section of the Monitoring SharePoint Online document.

  • To have a personalized business email address, team site address, or even an account name, you set up a domain name with Office 365. A domain is a unique name that appears after the @ sign in email addresses, and after www. in web addresses. It typically takes the form of your organization's name and a standard Internet suffix, such as yourbusiness.com or stateuniversity.edu. Office 365 gives you an initial domain name to use. By default, this will be of the format *.onmicrosoft.com, e.g., abc.onmicrosoft.com. To enable this test to pull metrics, you need to configure the test with the name of this initial domain. Therefore, configure the O365 DOMAIN parameter with the name of the initial domain. To find your Office 365 initial domain name, do the following:

    • Log on to the Microsoft Office 365 Online Portal using an administrative account.

    • Under Management, click on Domains.

    • The initial domain should be listed with a name ending with .onmicrosoft.com.

  • The DOMAIN, DOMAIN USER, DOMAIN PASSWORD and CONFIRM PASSWORD parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

    In this case, in the DOMAIN text box, specify the name of the Windows domain to which the eG agent host belongs. In the DOMAIN USER NAME text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the DOMAIN PASSWORD text box and confirm that password by retyping it in the CONFIRM PASSWORD text box.

    On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none.

  • The PROXY HOST, PROXY PORT, PROXY USER NAME, PROXY PASSWORD and CONFIRM PASSWORD parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

    In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the PROXY HOST and PROXY PORT parameters, respectively.

    If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the PROXY USER NAME and PROXY PASSWORD text boxes. Confirm that password by retyping it in the CONFIRM PASSWORD text box. If the Proxy server does not require authentication, then specify none against the PROXY USER NAME, PROXY PASSWORD, and CONFIRM PASSWORD text boxes.

    On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none.

  • By default, the REPORT SYSTEM ACCOUNT LOG ENTRIES flag is set to No. This means that, by default, the test ignores all operations performed by Windows System Accounts. A System Account in Windows is used by the operating system and by services that run under Windows. There are many services and processes within Windows that need the capability to log on internally (for example during a Windows installation). The system account was designed for that purpose; it is an internal account, does not show up in User Manager, cannot be added to any groups, and cannot have user rights assigned to it. On the other hand, the system account does show up on an NTFS volume in File Manager in the Permissions portion of the Security menu. By default, the system account is granted full control to all files on an NTFS volume. Here the system account has the same functional privileges as the administrator account.

    If you want the test to monitor and report on operations performed by Windows System Accounts as well, set this flag to Yes.

    Note:

    By default, this test does not monitor the operations of the NT AUTHORITY\SYSTEM and SHAREPOINT\system accounts. This is governed by the System_Account_Names parameter in the [SPO_Audited_Activities] section of the eg_tests.ini file (in the <EG_INSTALL_DIR>\manager\config directory). If required, you can exclude more Windows system accounts from monitoring. For that, do the following:

    • Edit the eg_tests.ini file (in the <EG_INSTALL_DIR>\manager\config directory).

    • Look for the System_Account_Names parameter in the [SPO_Audited_Activities] section of the file. You will find that this parameter is by default set as follows:

      System_Account_Names=NT AUTHORITY\SYSTEM,SHAREPOINT\system

    • To exclude more Windows system accounts from monitoring, you need to modify the System_Account_Names parameter by appending more system accounts to the comma-separated list.

    • Finally, save the file.

  • The DD FREQUENCY refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 2:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD FREQUENCY.

  • Once the above values are provided, click on the UPDATE button to register the changes made.
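The System_Account_Names edit described in the note above can be scripted so that only that one line of eg_tests.ini changes and the resulting exclusion list can be reviewed afterwards. The following is an added example, not eG's own tooling: the function names, the sample file content and the extra account are constructed for illustration, and it assumes the file keeps the section and parameter on separate lines exactly as shown on this page.

```python
import re

SECTION = "SPO_Audited_Activities"  # section name given on the page
KEY = "System_Account_Names"        # parameter name given on the page
DEFAULTS = ("NT AUTHORITY\\SYSTEM", "SHAREPOINT\\system")  # default value on the page

# Constructed sample file content; the [Other_Section] lines are hypothetical.
SAMPLE = (
    "[Other_Section]\n"
    "System_Account_Names=untouched\n"
    "[SPO_Audited_Activities]\n"
    "System_Account_Names=NT AUTHORITY\\SYSTEM,SHAREPOINT\\system\n"
)


def add_excluded_accounts(ini_text, new_accounts):
    """Append new_accounts to KEY inside [SECTION]; return (text, accounts).

    Only that one line is rewritten, so the rest of the file is kept verbatim.
    """
    lines = ini_text.splitlines(keepends=True)
    in_section = False
    for i, line in enumerate(lines):
        header = re.match(r"\s*\[(.+?)\]\s*$", line)
        if header:
            in_section = header.group(1).strip() == SECTION
            continue
        m = re.match(r"(\s*%s\s*=)(.*?)(\r?\n?)$" % re.escape(KEY), line)
        if not (in_section and m):
            continue
        accounts = [a.strip() for a in m.group(2).split(",") if a.strip()]
        seen = {a.lower() for a in accounts}  # Windows account names are case-insensitive
        for acct in (a.strip() for a in new_accounts):
            if not acct or "," in acct:
                raise ValueError("invalid account name: %r" % acct)
            if acct.lower() not in seen:
                seen.add(acct.lower())
                accounts.append(acct)
        lines[i] = m.group(1) + ",".join(accounts) + m.group(3)
        return "".join(lines), accounts
    raise ValueError("%s not found in [%s]" % (KEY, SECTION))


def non_default_exclusions(accounts):
    """Return entries beyond the two shipped defaults, for periodic review."""
    defaults = {d.lower() for d in DEFAULTS}
    return [a for a in accounts if a.lower() not in defaults]
```

Every entry returned by non_default_exclusions is an account whose folder operations this test will not report, so the list is worth comparing against an approved baseline whenever the file changes.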

When changing default configurations of tests, the values with “$” indicate variables that will be replaced by the eG system according to the specific server being managed - for instance, $hostName is the host/nickname of the target host, $port is the port number of the server being monitored. E.g., for a server xyz:80, $hostName will be changed automatically by the eG manager to “xyz*” and $port will be changed to “80” when configuring a test.