eG Monitoring
 

Measures reported by ODBSAdminActTest

In OneDrive for Business, administration can be separated into four primary roles: Office 365 Global Administrator, SharePoint Online Administrator, Site Collection Administrator, and Site Owner/Administrator.

  • Global Administrators: Global Administrators, also known as the “Company Admin” or the “Tenant Admin”, can configure any Office 365 settings and gain access to any level of the SharePoint site. Compared to the SharePoint Admin and the Site Collection admin, the Global Admin is the only role able to manage user groups and reset user passwords. Furthermore, global admins are the only admins who can assign other admin roles, outside of Site admins. You can have more than one Global Admin.

  • SharePoint Administrators: SharePoint Online Administrators can create and manage site collections, delegate site collection administrators and allocate space between the different Site Collections. Compared to the Global Admin, SharePoint Admins will be able to view user information, but will not be able to modify existing information. In SharePoint Online, Global Administrators are also SharePoint Online Administrators.

  • Site Collection Administrators: Site Collection Administrators are responsible for creating and maintaining sites and content within a site collection. Primary functions for the Site Collection Admin include managing permissions and restricting access where necessary, managing content types, site columns and templates for re-use in the sites, and updating site structure based on content requirements. Site Collection Administrators can also assign other users to be a Site Collection Administrator of their Site Collection. Compared to Global and SharePoint admins, Site Collection Admins do not have access to the Office 365 Admin portal, thus they will not be able to see any user information.

  • Site Owner/Administrator: A Site Owner/Administrator is vested with “Full control” to specific site(s) within a site collection. He/she is allowed to create and delete lists and libraries, grant other users permissions, activate site features, create new subsites, etc.

Because administrators are vested with many privileges and few restrictions, and since only a thin line separates the privileges of one administrator from another's, there is always the possibility that changes made by one administrator get inadvertently overridden by another! This presents a strong case for monitoring administrative operations, capturing changes made across the SharePoint Online organization, and most importantly, identifying which administrator effected what change. This is exactly what the ODBSAdminActTest does!

This test helps in auditing administrative operations by closely monitoring administrative activities on OneDrive for Business and reporting the count of such activities. Detailed diagnostics provided by the test shed light on what administrative operations were performed on OneDrive for Business, which administrators performed them, from which clients such operations were initiated, and which sites were impacted by them.

Outputs of the test: One set of results for the Office 365 tenant being monitored.

The measures made by this test are as follows:

Measurement Description Measurement Unit Interpretation
Total_operations Indicates the total number of operations performed by administrators. Number

The value of this measure is the sum of the values of all measures reported under the section Site Administration Operations, in the Layers tab page of the eG monitoring console.

Unique_operations Indicates the count of unique administrative operations that were performed on OneDrive for Business. Number

To know which operations were performed, use the detailed diagnosis of this measure.

Unique_users Indicates the count of unique administrative users who performed the operations. Number

To know which are the administrators who performed the administrative operations, use the detailed diagnosis of this measure.

Unique_client_IPs Indicates the number of unique clients from which the administrators initiated their administrative operations. Number

Use the detailed diagnosis of this measure to determine the IP addresses of the clients from which the administrators performed administrative operations.

Unique_sites Indicates the number of unique sites on which the administrative operations were performed. Number

Use the detailed diagnosis of this measure to know the OneDrive for Business sites on which the administrative operations were performed.

Affected_item_types Indicates the number of types of items that were affected by the administrative operations. Number

To know what type of items were affected by the administrative operations, use the detailed diagnosis of this measure.

Unique_destinations Indicates the number of unique destination URLs of the administrative operations that were performed. Number

To know the unique destination URLs, use the detailed diagnosis of this measure.

Unique_user_agents Indicates the number of unique user agents of browsers used for performing administrative operations. Number

To know the unique user-agent strings of the browsers used in administrative tasks, use the detailed diagnosis of this measure.

Usr_agent_exmpt_addition Indicates the number of times additions were made to the list of exempt user agents in the SharePoint admin center. Number

InfoPath Forms Services in SharePoint Online lets you deploy your organization's forms to your sites, enabling users to fill out these forms in a web browser.

To make indexing InfoPath forms faster and easier, you can specify which user agents to exempt from receiving an entire webpage to index. This means that when a user agent you have specified as exempt encounters an InfoPath form, the form will be returned as an XML file (which looks like a hierarchical text file) instead of an entire webpage.

This measure reports a non-zero value if a SharePoint administrator or Global administrator adds one/more user agents to the list of exempt user agents, so that InfoPath forms are indexed quickly.

Usr_agent_exmpt_modifitn Indicates the number of times administrators have modified the list of exempt user agents in the SharePoint admin center. Number

This measure reports a non-zero value if a SharePoint administrator or Global administrator customized the list of exempt user agents.

Sit_collectn_admin_addtn Indicates the number of site collection administrators added. Number

Site collection administrators have full control permissions for the site collection and all subsites.

A Site Collection administrator can also add a person as a site collection administrator for a site. If this happens, then the value of this measure will get incremented.

User_group_additions Indicates the number of times new members or guests were added to OneDrive groups. Number

Sometimes, intentionally or as a result of another activity (e.g., sharing), a user may add a member or guest to a SharePoint group. When this happens, the value of this measure will increase.

Add_usergroup_permits Indicates the number of times administrators allowed other users to create groups. Number

A Site administrator can add a permission level to a site that allows a user assigned that permission to create a group for that site. When this happens, the value of this measure will increase.

Sharing_policy_modifctn Indicates the number of times sharing policies were modified by administrators. Number

A SharePoint administrator or Global administrator can change a SharePoint sharing policy by using the Office 365 admin portal, SharePoint admin portal, or SharePoint Online Management Shell. Whenever a SharePoint sharing policy is so changed, the value of this measure gets incremented.

Group_additions Indicates the number of times administrators added groups to sites. Number

A Site administrator or owner can create a group for a site, or perform a task that results in a group being created. For example, the first time a user creates a link to share a file, a system group is added to the user's OneDrive for Business site. This event can also be a result of a user creating a link with edit permissions to a shared file.

Whenever a group is so created for a site, the value of this measure gets incremented.

Send_to_conn_creation Indicates the number of Send To connections that were created by administrators. Number

A SharePoint or Global administrator can create a new Send To connection on the Records management page in the SharePoint admin center. A Send To connection specifies settings for a document repository or a records center. When you create a Send To connection, a Content Organizer can submit documents to the specified location.

When a Send To connection is so created, the value of this measure increases.

Site_collection_creation Indicates the number of times administrators created site collections in the OneDrive for Business organization. Number

A SharePoint or global administrator can create a new site collection in your SharePoint Online organization, or a user can provision their OneDrive for Business site. Whenever one of these events occurs, the value of this measure gets incremented.

Group_deletes Indicates the number of groups deleted by users/administrators. Number

Whenever a user/administrator deletes a group from a site, the value of this measure gets incremented.

Send_to_conn_deletes Indicates the number of Send To connections deleted by administrators. Number

A SharePoint or global administrator can delete a Send To connection on the Records management page in the SharePoint admin center. A Send To connection specifies settings for a document repository or a records center. When you create a Send To connection, a Content Organizer can submit documents to the specified location.

When a Send To connection is deleted, the value of this measure is incremented.

Site_deletes Indicates the number of sites deleted by administrators. Number

Whenever a site administrator deletes a site, the value of this measure is incremented.

Document_preview_permits Indicates the number of times site administrators enabled document preview. Number

Document Preview, when enabled, extends and leverages SharePoint document management capabilities by embedding pure HTML viewers for dozens of file formats into SharePoint document libraries and SharePoint Search centers. These viewers facilitate graphical preview of document content.

The value of this measure increases whenever a Site administrator enables document preview for a site.

Workflow_task_contnt Indicates the number of Workflow task content types added by site administrators to their sites. Number

OneDrive workflows are pre-programmed mini-applications that streamline and automate a wide variety of business processes. Workflows can range from collecting signatures, feedback, or approvals for a plan or document, to tracking the current status of a routine procedure.

For example, take a document approval process. Running this process manually can mean a lot of checking up and keeping track, forwarding documents and sending reminders - and each of those tasks has to be performed by you or by one or more of your colleagues. That means a lot of extra work and (maybe even worse) a constant stream of interruptions. But when you use the SharePoint Document Approval workflow to run the process, all of that checking and tracking and reminding and forwarding is done by the workflow, automatically. If someone is late in completing a task, or if some other hitch arises, most of the included workflows generate a notification to let you know about it. Nobody in the group has to proactively monitor the process because with a SharePoint workflow, the process is always proactively monitoring itself.

When a task is added to a Workflow, the value of this measure increases.

Office_ondemand_permits Indicates the number of times the Office on Demand feature was enabled. Number

Office on Demand is a feature that provides online access to full rich Office desktop applications, including Word, Excel, and PowerPoint, when you are using a PC that doesn't have the latest version of Office installed locally.

Whenever a Site administrator/owner enables Office on Demand, the value of this measure gets incremented.

News_feed_permits Indicates the number of times RSS feeds were allowed. Number

Really Simple Syndication (RSS) is a way for you to make news, blogs, and other content on a site available to subscribers. When RSS is turned on, it can be managed for site collections, sites, lists, and libraries. Your permissions on the site determine at what level you can manage RSS.

Whenever a Site administrator/Site owner enables RSS feeds for a site, or a Global administrator enables RSS feeds for an entire organization, the value of this measure increases.

Site_permissn_modifictn Indicates the number of times administrators modified site permissions. Number

A Site administrator or owner (or system account) can change the permission levels that are assigned to a group on a site.

Whenever this happens, the value of this measure increases.

Removals_from_group Indicates the number of times members/guests were removed from OneDrive groups. Number

Whenever a user removes a member/guest from a OneDrive group, the value of this measure increases.

Site_renames Indicates the number of times sites were renamed. Number

Whenever a Site administrator/owner renames a site, the value of this measure increases.

Site_admin_requests Indicates the number of times users requested to be added as site collection administrators to a site collection. Number

Whenever a Site collection administrator receives a request from a user to add him/her as a site collection administrator, the value of this measure gets incremented.

Host_site_changes Indicates the number of times the sites hosted by the designated site were changed. Number

A SharePoint or global administrator can change the designated site to host personal or OneDrive for Business sites. When this happens, the value of this measure changes.

Group_settings_changes Indicates the number of times the settings of groups were changed. Number

A Site administrator or owner can change the settings of a group for a site. This can include changing the group's name, who can view or edit the group membership, and how membership requests are handled. Whenever such a change is made, the value of this measure increases.
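
To make the relationship between the per-operation counters, the Unique_* measures and the detailed diagnosis concrete, here is an added example (not eG's code) that aggregates Office 365 audit-log-style records into a few of the measures above. The mapping from audit Operation values to measure names, the Workload filter and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed mapping of audit-log Operation values to this page's measure names.
OPERATION_TO_MEASURE = {
    "SiteCollectionAdminAdded": "Sit_collectn_admin_addtn",
    "AddedToGroup": "User_group_additions",
    "RemovedFromGroup": "Removals_from_group",
    "SharingPolicyChanged": "Sharing_policy_modifctn",
    "GroupAdded": "Group_additions",
    "SiteDeleted": "Site_deletes",
}

def _rec(op, user, ip, site, workload="OneDrive"):
    rec = {"Workload": workload, "Operation": op, "UserId": user, "SiteUrl": site}
    if ip:  # system-initiated events may carry no client address
        rec["ClientIP"] = ip
    return rec

# Constructed sample records; addresses come from documentation ranges.
SAMPLE_RECORDS = [
    _rec("SiteCollectionAdminAdded", "admin1@example.com", "203.0.113.10", "https://example-my.sharepoint.com/personal/alice"),
    _rec("SharingPolicyChanged", "admin1@example.com", "203.0.113.10", "https://example-my.sharepoint.com/personal/alice"),
    _rec("SharingPolicyChanged", "Admin2@example.com", "198.51.100.7", "https://example-my.sharepoint.com/personal/bob"),
    _rec("SiteDeleted", "admin2@example.com", None, "https://example-my.sharepoint.com/personal/bob"),
    _rec("FileAccessed", "carol@example.com", "192.0.2.5", "https://example-my.sharepoint.com/personal/carol"),
    _rec("AddedToGroup", "admin1@example.com", "203.0.113.10", "https://example.sharepoint.com/sites/hr", workload="SharePoint"),
]

def summarize_admin_activity(records, workload="OneDrive"):
    """Return (measures, diagnosis): counts plus a who-did-what-from-where list."""
    per_measure, diagnosis = Counter(), []
    for rec in records:
        measure = OPERATION_TO_MEASURE.get(rec.get("Operation"))
        if measure is None or rec.get("Workload") != workload:
            continue  # not an administrative operation on the monitored workload
        per_measure[measure] += 1
        # Lower-case the user so "Admin2@..." and "admin2@..." count once.
        diagnosis.append((rec.get("UserId", "").lower(), rec["Operation"],
                          rec.get("ClientIP"), rec.get("SiteUrl")))
    measures = dict(per_measure)
    measures["Total_operations"] = sum(per_measure.values())
    measures["Unique_operations"] = len({d[1] for d in diagnosis})
    measures["Unique_users"] = len({d[0] for d in diagnosis})
    measures["Unique_client_IPs"] = len({d[2] for d in diagnosis if d[2]})
    measures["Unique_sites"] = len({d[3] for d in diagnosis if d[3]})
    return measures, diagnosis

if __name__ == "__main__":
    measures, diagnosis = summarize_admin_activity(SAMPLE_RECORDS)
    print(measures)
    for row in diagnosis:
        print(row)
```

The diagnosis rows answer the question the test is built around: which administrator made which change, from which client, on which site.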