Chat with us, powered by LiveChat

Blog

Back

Technical Review: Configuration Policies, Jobs, and the Audit Log

15 Mar 2019 by Dominik Hoefling

This is the final excerpt from an independent review of our Office 365 management tool by Microsoft MVP Dominik Hoefling. You can read the previous articles here, and here. If you would like to read the entire review, you can download it here.

Configuration Policies

Actions can also be applied automatically in bulk via a Configuration Policy which keeps all the users, groups and other AD objects correctly configured against the baseline that you have specified for that group of users.

Figure 8: Configuration Policies

Also, you can configure those policies for specific OUs and tenant groups as well. Typical bulk operations for a set of multiple users would be:

  • Set the Office 365 usage location
  • Assign license SKUs or license options within different license SKUs. For example, Exchange Online from SKU “tenantname:SPE_E3” (Microsoft 365 E3) and PowerBI Free from SKU “tenatname:POWER_BI_STANDARD”.
  • Set Out of Office replies
  • Set Multi-factor Authentication
  • Etc.

Regarding the list of actions that can be applied, there will be more features and actions constantly added in the future – same as with the Authorization Policies.

Jobs

The jobs area lists all actions that are taken within Autopilot. Every action a delegated admin takes will be logged in the activity menu underneath the jobs section in the left menu.

Figure 9: Jobs Activity

This list of activity will help you to understand if the delegated admins has the ability to run those actions and verify if everything went well. You can see the action, the affected object, tenant group, and time stamp, as well as if the job was successful or not with the appropriate error message.

To understand this a little bit more from a technical perspective: Autopilot has an internal database which stores the current configuration from the tenant. This includes all available users, mailboxes, groups, etc. Actions are applied directly with Office 365 WebHooks, which means there is no synchronization needed and all actions are applied in real-time; this is a great benefit for fast and seamless administrative tasks.  Those changes will be applied, but also stored in the internal database to ensure that the current configuration is always available.

Furthermore, you can schedule your own jobs in Autopilot. This is helpful if you want to schedule your own jobs in a specific time range, for example, you can gather the information from the Secure Score dashboard once per day and add it to the Autopilot dashboard:

Figure 10: Schedule Jobs

The Autopilot dashboard will then show the current Secure Score information:

Figure 11: Autopilot Dashboard with Secure Score

Audit Log

Audit logging is very important, especially if you have multiple delegated admins and different tenants to manage. With Autopilot you can use the audit log menu to view administrator activity in your tenants. Besides administrator activity you can also show and hide system events which are generated log files for automatic systems tasks, like getting the current tenant Secure Score, or all available licenses in each tenant.

Figure 12: Audit Log

Audit logs can be key in figuring out the root cause of any changes to your objects and identifying what’s going on in your environment.

Summary

Delegated administration within Office 365 is hard to achieve. There are only some built-in capabilities for administration tasks, like RBAC and other admin roles in Azure and Office 365. With Autopilot you can see and manage only the users that you are responsible for. Furthermore, it is possible to add multiple tenants to the Autopilot application which offers a single administration interface. Even the on-premises agent works great and you can synchronize your on-premises Organization Unit structure to Autopilot and, even more, you have the possibility to set, change, and delete on-premises attributes as well. This is very useful if you are in a hybrid configuration and synchronize your identities to Azure Active Directory.

During my evaluation, the Autopilot support team were quick to respond to my questions. A lot of new features and improvements happened, and fortunately I was able to review the newest available beta-version of Autopilot.

As I already mentioned in the beginning of this review, not only large and complex organizations would benefit of Autopilot. Organizations of any size would benefit of a delegated administration tool for their Office 365 environment.

If you would like to find out more about how this solution can enable you to streamline administration, save time, and increase operational efficiency, please contact us to get further information. 

Dominik Hoefling is a Senior Consultant for atwork deutschland GmbH. He currently works in Microsoft technologies, especially in Microsoft Exchange, Exchange Online and Office 365. He holds several Microsoft certifications including MCSA for Office 365, MCSE Messaging and MCITP Enterprise Administrator for Windows Server. Dominik also writes technical blog posts for international companies and various topics about Exchange Hybrid deployments, Identity, and Office 365. You can follow Dominik via twitter (@DominikHoefling) or his blog www.dominikhoefling.com.
whois: Andy White Freelance WordPress Developer London