Microsoft 365 Tenant Settings Assessment (DRAFT)

Overview

This template produces a branded PDF report that provides information about the target Microsoft 365 tenant for settings across Azure Active Directory, Exchange Online, Microsoft Group / Teams, OneDrive for Business and SharePoint Online.

This is useful in the following use cases:

  • Microsoft tenant to tenant migration to ensure settings have been configured correctly between source and destination
  • Tenant settings analysis for value added services by MSPs

How it works

This template will retrieve data across the Microsoft 365 tenant to generate a report detailing the following information

  • Branding, External Collaboration, Geo Locations, Group Based Licensing, Security Defaults and User Consent settings for Azure AD
  • Accepted Domain, Spam and Malware filters, Authentication, Archived and Deleted Mailbox Policies, Client Access Rules, Conditional Access Policies, Mail Flow Rules and other Tenant Settings for Exchange Online
  • Group Creation, Group Naming and Guest Settings for Microsoft Teams
  • Notifications, Storage and Sync settings for OneDrive for Business
  • Notifications, Pages, Site Creation and Storage Limits for SharePoint Online

Requirements

Permission Requirements

To run this report, you will require an Azure AD account with the Global Administrator role assigned. All access to data will only for read-only purposes

Graph API permissions requested during the authorization process are

  • Policy read-only
  • Directory read-only
  • Group read-only
  • Organization read-only
  • Sites read-only
  • Domain read-only

Exchange Online role requested during the authorization process are

  • Global Reader access

SharePoint Online role requested during the authorization process is

  • SharePoint Administrator

If sending out the report using your own Exchange Online account, an optional Send Mail authorization will be requested

Getting started

  1. Sign in to your Voleer account or sign up for a new account

  2. On the Library page, select template Microsoft 365 Tenant Settings Assessment

  3. Read the Requirements and configure your account and tenant as stated

  4. Once configured, along the right hand side, select a Workspace, then click on Launch
    image

  5. Configure the template by selecting the sections to be included and the report recipient. If you wish to customize the branding of the report, continue reading, otherwise skip to step 7

  6. Under the section of Report Branding, select Custom
    6.1 Branding can be a combination of a logo shown at the top of the report, font used in the report and primary color used in the table headings. Providing no selections will default with the Voleer logo, Rubik as the font and a light purple as the primary color
    6.2 Logo - Upload your logo by dropping a file into the control or browsing for it on your computer
    6.3 Font Name - Visit fonts.google.com and make note of the font name that best matches your corporate branding. Select the font from the dropdown by typing it in the search bar


    6.4 Primary color - Visit google.com/search?q=colour+picker, pick a color and copy the HEX value

    Copy the HEX value into the Primary Color form field

  7. Submit the configuration by clicking on the Validate Template Configuration button. Fix any issues identified on the form.

  8. Authorize Access to Microsoft Graph by 1) Copying the code, 2) Visiting the link https://microsoft.com/devicecode and completing the authentication process, and then 3) Clicking on the Validate button

  9. Repeat the same steps as 6 for any other authorization and authentication forms.

  10. Validate the details of the configuration and then click on Execute . Note - if the configuration is incorrect, cancel the run and start a new instance

  11. Once completed, you will receive an email with a copy of the report (if configured).