Reviewing audit logs – Monitoring Microsoft 365 Tenant Health

Application audit logs are useful for reviewing actions that have occurred in your tenant. You can view these audit logs from the Enterprise applications page in the Azure portal, as shown in Figure 2.13:

Figure 2.13 – Enterprise application audit logs

These audit logs show data regarding the service principal, applications, and type of action performed. You can select an individual audit item to view additional details. You can also perform filtering on several fields such as Status (Success or Failure), Initiated by (actor) (user or security principal that executed the action), User agent (device type or browser where the action was submitted), and Target (application or service that was affected).

You can also select an individual application (Enterprise applications | All applications) and view all of the audit logs that pertain specifically to that application.

Reviewing the sign-ins report

The sign-ins report shows data related specifically to sign-ins. Like the audit log data, you can view it across all applications (from the Enterprise applications | Audit logs page) or just for an individual application, as shown in Figure 2.14:

Figure 2.14 – Application sign-in logs

The application sign-in logs are useful for identifying potentially anomalous or malicious behavior. For example, if you see several failures for a particular user and they have a multifactor authentication requirement configured, the user may have a compromised password. If you see several failures for different users that are related to the same application, you may have an identity provisioning or single sign-on problem that needs to be addressed.
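The two patterns described above can be separated mechanically once the sign-in log has been exported. The following is an added example, not code from the original text: it assumes records shaped like the Microsoft Graph signIn resource (createdDateTime, userPrincipalName, appDisplayName, status.errorCode), and the sample records, the application name Contoso HR Portal, the thresholds, and the function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _rec(ts, upn, app, code):
    """Build one record carrying only the signIn fields this example reads."""
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "appDisplayName": app, "status": {"errorCode": code}}


# Constructed sample data (not real tenant logs). errorCode 0 is a success;
# any other value is treated as a failed sign-in.
SAMPLE_SIGNINS = [
    # One user failing repeatedly within a few minutes.
    _rec("2024-05-01T08:00:05Z", "alice@contoso.example", "Office 365 Exchange Online", 50126),
    _rec("2024-05-01T08:02:10Z", "alice@contoso.example", "Office 365 Exchange Online", 50126),
    _rec("2024-05-01T08:04:40Z", "alice@contoso.example", "Office 365 Exchange Online", 50126),
    _rec("2024-05-01T08:09:00Z", "Alice@contoso.example", "Office 365 Exchange Online", 50126),
    # Several different users failing against the same application.
    _rec("2024-05-01T09:15:00Z", "bob@contoso.example", "Contoso HR Portal", 50105),
    _rec("2024-05-01T09:16:30Z", "carol@contoso.example", "Contoso HR Portal", 50105),
    _rec("2024-05-01T09:20:00Z", "dave@contoso.example", "Contoso HR Portal", 50105),
    _rec("2024-05-01T09:21:00Z", "erin@contoso.example", "Contoso HR Portal", 0),
    # Two failures hours apart: below the threshold, should not be flagged.
    _rec("2024-05-01T09:00:00Z", "frank@contoso.example", "Office 365 SharePoint Online", 50126),
    _rec("2024-05-01T15:00:00Z", "frank@contoso.example", "Office 365 SharePoint Online", 50126),
]


def _when(record):
    """Parse the ISO 8601 timestamp (UTC, 'Z' suffix) into an aware datetime."""
    return datetime.fromisoformat(record["createdDateTime"].replace("Z", "+00:00"))


def failed(records):
    """Return only the records whose sign-in did not succeed."""
    return [r for r in records if r["status"]["errorCode"] != 0]


def users_with_repeated_failures(records, threshold=3, window=timedelta(minutes=30)):
    """Map each user to their largest burst of failures inside `window`,
    keeping only users whose burst reaches `threshold`."""
    times_by_user = defaultdict(list)
    for r in failed(records):
        # UPNs are compared case-insensitively.
        times_by_user[r["userPrincipalName"].lower()].append(_when(r))

    flagged = {}
    for user, times in times_by_user.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            # Shrink the window from the left until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


def apps_failing_for_many_users(records, min_users=3):
    """Map each application to the distinct users who failed against it,
    keeping only applications where at least `min_users` users failed."""
    users_by_app = defaultdict(set)
    for r in failed(records):
        users_by_app[r["appDisplayName"]].add(r["userPrincipalName"].lower())
    return {app: sorted(users) for app, users in users_by_app.items()
            if len(users) >= min_users}


if __name__ == "__main__":
    print("Review these accounts:", users_with_repeated_failures(SAMPLE_SIGNINS))
    print("Review these applications:", apps_failing_for_many_users(SAMPLE_SIGNINS))
```

The first result is a list of accounts to review for a possible password compromise; the second is a list of applications to review for provisioning or single sign-on configuration.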

Sending activity log data to Azure Monitor

Azure Monitor is an additional subscription service that can be used to store and analyze logging and auditing data from a variety of sources, including Azure Active Directory, virtual machines, and applications. By connecting Azure AD data to Azure Monitor, you can enable Microsoft Defender to gain access to this data so that you can compare it against security logs, thereby improving risk management:

  1. From the Azure portal (https://portal.azure.com), enter Log Analytics workspaces in the search box.
  2. Click Create.
  3. From the Subscription drop-down menu, select an Azure subscription.
  4. From the Resource group drop-down menu, select an existing resource group or click Create new to create a new one.
  5. Enter a new workspace Name and select a Region option for where you want to provision the workspace.
  6. Click Review + Create.
  7. Click Create.

Once the workspace has been provisioned, you can connect the activity log to Azure Monitor.

Creating and managing service requests – Monitoring Microsoft 365 Tenant Health

As you learned in the previous chapter, the Microsoft 365 tenant is the security and content boundary for your organization. You have control over the content that goes into your tenant, as well as the security controls that you apply to it. However, you don’t have control over external factors such as connectivity between platform services, errors that are introduced from the service provider’s side, or errors with your environment connecting to Microsoft 365.

That’s where monitoring the health of the tenant comes into play.

Like any other service that you are responsible for managing, you also need to be able to develop and execute an incident response plan.

In this chapter, we’ll discuss monitoring and managing the health of a Microsoft 365 tenant. The objectives and skills we’ll cover in this chapter include the following:

  • Creating and managing service requests
  • Creating an incident response plan
  • Monitoring service health
  • Monitoring application access
  • Configuring and reviewing reports
  • Reviewing usage metrics

By the end of this chapter, you should be able to describe day-to-day operations such as monitoring and reporting, as well as important tasks such as creating an incident response plan.

Let’s begin!

Creating and managing service requests

While Microsoft is committed to ensuring the Microsoft 365 platform is as reliable as possible, service interruptions may occur.

Service requests for Microsoft 365 issues are typically raised through the Microsoft 365 admin center. You can create a support request by performing the following steps:

  1. Log in to the Microsoft 365 admin center (https://admin.microsoft.com) and navigate to Support | New service request:

Figure 2.1 – Creating a service request in the Microsoft 365 admin center

  2. In the fly-out panel, type in a question or keywords that relate to your service issue or request. If applicable, a list of potential suggested solutions will be displayed. If no suitable options are displayed, you can select Contact Support:

Figure 2.2 – Microsoft 365 service ticket suggestions

  3. On the Contact support view, you can fill out any required information, select the preferred option to be contacted, and, once ready, click Contact me:

Figure 2.3 – Contacting support

  4. Once a support request has been created, you can select the Support | View service requests option in the Microsoft 365 admin center to track the status of your service request or update it with new information:

Figure 2.4 – Service request history

Services – Planning and Implementing a Microsoft 365 Tenant-2

While there are no deep questions about what each of the service options does, we recommend you spend time exploring the options for the services in the Microsoft 365 admin center.

Security & privacy

The Security & privacy tab houses settings that govern various security controls for the organization. On this page, you’ll find access to the following settings:

| Setting | Description |
| --- | --- |
| Bing data collection | Choose whether to allow Bing to collect organization query data. |
| Idle session timeout | Configure the idle session timeout period for Office web apps. |
| Password expiration policy | Choose whether to enable password expiration. Password expiration is disabled by default (and the password policy is governed by the on-premises Active Directory if password hash sync has been configured). |
| Privacy profile | Configure the URL for the organization’s privacy policy and the organization’s privacy contact. The privacy URL is displayed on the Privacy tab of the Settings & Privacy page in the user account profile and when a sharing request is sent to an external user. |
| Self-service password reset | Provides a link to the Azure portal to configure self-service password reset. |
| Sharing | Choose whether to allow users to add guests to the organization. |

Table 1.3 – Security & privacy settings

These options can be used to broadly configure security and privacy settings for your organization. As with the settings on the Services tab, these are coarse controls. Fine-grained control is available for some of these items inside their respective admin centers.

Organization profile

Settings on the Organization profile tab are largely informational or used to manage certain aspects of the user experience. On this tab, you’ll find the following settings:

| Setting | Description |
| --- | --- |
| Custom app launcher tiles | Configure additional tiles to show up on the Microsoft 365 app launcher. |
| Custom themes | Create and apply themes to the Microsoft 365 portal for end users, including mandating the theme as well as specific organization logos and colors. |
| Data location | View the regional information where your tenants’ data is stored. |
| Help desk information | Choose whether to add custom help desk support information for end users to the Office 365 help pane. |
| Keyboard shortcuts | View the shortcuts available for use in the Microsoft 365 admin center. |
| Organization information | Update your organization’s name and other contact information. |
| Release preferences | Choose the release settings for Office 365 features (excluding Microsoft 365 apps). The available options are Standard release for everyone, Targeted release for everyone, and Targeted release for select users. The default setting is Standard release for everyone. |
| Support integration | Use the settings on this page to configure integration with third-party support tools such as ServiceNow. |

Table 1.4 – Organization profile settings

Like the other Org settings tabs, the settings on this page will be used infrequently—typically when just setting up your tenant and customizing the experience. As with the other Organization profile setting areas, you should spend some time in a test environment navigating the tenant to view these settings and update them to see their effects.

Planning a tenant – Planning and Implementing a Microsoft 365 Tenant

There are a number of early planning stages for a Microsoft 365 tenant, but the one you’re presented with first will be which kind of subscription and tenant you acquire. Tenants and subscriptions are available for different sizes of organizations as well as different industry verticals. Depending on what options you choose, you may not be able to easily change plans without performing a migration (for example, when moving between Microsoft 365 Commercial and Microsoft 365 GCC).

Selecting a tenant type

Microsoft has made a variety of packages available, targeting different types of organizations, as shown in Figure 1.1:

Figure 1.1 – Types of tenants

Tenant type deep dive

The MS-100 exam focuses on the feature set and product or service bundles available in Microsoft 365 Enterprise plans, though the technologies available are largely the same across all plans. Microsoft 365 for US Government is available only for local, state, and federal government customers (and their partners or suppliers) and has a subset of the currently commercially available features, trailing by anywhere from 6 months to 2 years, depending on the certification level of the environment. Microsoft 365 for Education has the same feature set as the commercial enterprise set, with a few added features targeted to educational institutions. Microsoft 365 for Education is only available to schools and universities.

Selecting a managed domain

After choosing what type of subscription and tenant you’ll acquire, one of the next steps you’ll be faced with is naming your tenant. When you sign up for a Microsoft 365 subscription, you are prompted to choose a name in the Microsoft onmicrosoft.com managed namespace. The name you select will need to be unique across all other Microsoft 365 customers.

Tenant name considerations

The tenant name (or managed domain name) cannot be changed after it has been selected. As such, it’s important to select one that is appropriate for your organization. The tenant name is visible in a handful of locations, so be sure to select a name that doesn’t reveal any private information and looks professionally appropriate for the type of organization you’re representing.

Services – Planning and Implementing a Microsoft 365 Tenant-1

The Services tab displays settings available for workloads, services, and features available in the Microsoft 365 tenant. The following table lists the services that have configurable options in the tenant.

| Service | Description |
| --- | --- |
| Adoption Score | Manage privacy levels for Adoption Score as well as setting the scope for users to be included or excluded. |
| Azure Speech Services | Manage whether Azure Speech Services can work using content in your tenant to improve the accuracy of speech services. Disabled by default. |
| Bookings | Choose whether the Bookings service is available for use in the tenant. If Bookings is enabled, you also manage specific options, such as whether social sharing options are available or whether Bookings can be used by users outside the organization as well as restricting the collection of customer data. |
| Briefing email from Microsoft Viva | Choose whether to allow users to receive the Viva briefing email. By default, the briefing email is enabled. Users can unsubscribe themselves. |
| Calendar | Choose whether to enable users to share the calendar outside the organization. If sharing is enabled, choose what level of detail is supplied. |
| Cortana | Choose whether to allow Cortana on devices to connect to data in your Microsoft 365 tenant. |
| Directory synchronization | Provides a link to download the Azure AD Connect synchronization tool. |
| Dynamics 365 Applications | Choose whether to allow insights for each user, aggregated insights for other users (non-identifiable), and identifiable insights for other users. |
| Dynamics 365 Customer Voice | Configure email parameters for collecting survey data from Dynamics 365. |
| Mail | There are no org-wide settings to manage here; however, there are links to various tools in the Exchange admin center and the Microsoft Defender 365 portal for things such as transport rules and anti-malware policies. |
| Microsoft Azure Information Protection | There are no settings to manage for this feature; it is a link to documentation for configuring Azure Information Protection settings. |
| Microsoft communication to users | Choose whether to enable Microsoft-generated training and education content delivery to users. |
| Microsoft Edge product messaging for users | Provides information on configuring the Edge spotlight experience for end users. |
| Microsoft Edge site lists | Manage lists of sites and specify which browser experience (Edge or Internet Explorer) users should receive when navigating to those sites. |
| Microsoft Forms | Manage external sharing settings for Microsoft Forms as well as capturing the names of internal organization users who fill out forms. |
| Microsoft Graph Data Connect | Choose to enable Microsoft Graph Data Connect for the bulk transfer of data to Azure. |
| Microsoft Planner | Choose whether Planner users can publish to Outlook or iCal. |
| Microsoft Search on the Bing homepage | Customize the Bing.com search page for organization users. |
| Microsoft Teams | Choose whether to enable Teams organization-wide (users who are licensed will be blocked from using Teams). Also, choose coarse control for whether guest access is allowed in Teams. |
| Microsoft To Do | Choose to allow internal users the ability to join and contribute to external task lists and receive push notifications. |
| Microsoft Viva Insights (formerly MyAnalytics) | Manage which Viva Insights settings users have access to. By default, all options are selected (Viva Insights web experience, Digest email, Insights Outlook add-in and inline suggestions, and Schedule send suggestions). |
| Microsoft 365 Groups | Configure guest access and ownership settings for Microsoft 365 Groups. |
| Modern authentication | Provides links to information on configuring modern authentication and viewing basic authentication sign-in reports. |
| Multi-factor authentication | Provides links to information on configuring and learning about multi-factor authentication. |
| News | Choose organization and industry settings used to display relevant news information on the Bing home page as well as settings for delivering Microsoft-generated industry news to your organization users. |
| Office installation options | Choose the update channel for Microsoft 365 apps. |
| Office on the web | Choose whether to allow users to connect to third-party cloud storage products using Office on the web products. |
| Office Scripts | Configure Office Scripts settings for Excel on the web. |
| Reports | Choose how to display users’ personally identifiable information in internal reports and whether to make data available to Microsoft 365 usage analytics. |
| Search and intelligence usage analytics | Choose whether to allow usage analytics data to be filtered by country, occupation, department, or division. |
| SharePoint | Choose whether to enable external sharing. |
| Sway | Choose whether to allow the sharing of Sways outside the organization as well as what content sources are available (Flickr, Pickit, Wikipedia, and YouTube). |
| User consent to apps | Choose whether users can provide consent to OAuth 2 apps that access organization data. |
| User-owned apps and services | Choose whether to allow users to auto-claim licenses as well as start trials and access the Office Store. |
| Viva Learning | Choose which content provider data sources to use for Viva Learning. By default, LinkedIn Learning, Microsoft Learn, Microsoft 365 Training, and Custom Uploads are enabled. You can also manage the level of diagnostic data sent to Microsoft. |
| What’s new in Office | Choose whether to display messages to users about new features that are available. This does not change the availability of the feature—only the display of the notification message. |
| Whiteboard | Choose whether to allow the Whiteboard app to be used. Additionally, manage the amount of diagnostic data collected. |

Table 1.2 – Organizational service settings

Managing DNS records manually – Planning and Implementing a Microsoft 365 Tenant

If you’ve opted to manage DNS records manually, you may need to go back to the Microsoft 365 admin center and view the settings. To do this, you can navigate to the Domains page in the Microsoft 365 admin center, select your domain, and then select Manage DNS:

Figure 1.12 – Managing DNS settings for a domain

On the Connect domain page, click More options to expand the options, and then select Add your own DNS records. From here, you can view the specific DNS settings necessary per service by record type. You can also download a CSV file or a zone file that can be uploaded to your own DNS server.

Figure 1.13 – Viewing DNS settings

The CSV output is formatted as columns, while the zone file output is formatted for use with standard DNS services and can be imported or appended to BIND or Microsoft DNS server zone files.

Configuring a default domain

After adding a domain, Microsoft 365 automatically sets that first custom domain as the default domain, which will get used when creating new users. However, if you have additional domains, you may choose to select a different domain to be used as the default domain when creating objects.

To manage which domain will be set as your primary domain, select the domain from the Domains page and then click Set as default to update the setting:

Figure 1.14 – Setting the default domain

The default domain will be selected automatically when creating cloud-based users and groups.

Custom domains and synchronization

When creating new cloud-based objects, you can select from any of the domains available in your tenant. However, when synchronizing from an on-premises directory, objects will be configured with the same domain configured with the on-premises object. If the corresponding domain hasn’t been verified in the tenant, synchronized objects will be set to use the tenant-managed domain.

Next, we’ll look at core organizational settings in a tenant.

Configuring organizational settings

Organizational settings, as the name implies, are configuration options that apply to the entire tenant. They are used to enable or disable features at the service or tenant level. In many instances, organizational settings are coarse controls that can be further refined by configuration settings inside each individual service.

To access the organizational settings, follow these steps:

  1. Navigate to the Microsoft 365 admin center (https://admin.microsoft.com).
  2. In the navigation pane, expand Settings and select Org settings.

Figure 1.15 – Org settings in the Microsoft 365 admin center

The Org settings page has three tabs:

  • Services
  • Security & privacy
  • Organization profile

In the next section, we’ll look at the settings available in each of them.

ABOUT ICANN – Planning and Implementing a Microsoft 365 Tenant-2

  1. If your domain is registered at a host that supports Domain Connect, you can provide your credentials to the Microsoft 365 Add domain wizard and click Verify. Microsoft will automatically configure the necessary domain records and complete the entire DNS setup for you. You can also select More options to see all of the potential verification methods available, as shown in Figure 1.7:

Figure 1.7 – Verify domain ownership

  2. If you choose any of the additional verification options (such as Add a TXT record to the domain’s DNS records), you’ll need to manually add DNS records with your DNS service provider. Microsoft provides the value configuration parameters necessary for you to configure DNS with your own service provider. After entering the values with your service provider, you can come back to the wizard and select Verify, as shown in Figure 1.8:

Figure 1.8 – Completing verification records manually

  3. If you’re using Domain Connect, enter the credentials for your registrar. When ready, click Connect.

Figure 1.9 – Authorizing Domain Connect to update DNS records

  4. Select Let Microsoft Add your DNS records (recommended) to have the Microsoft 365 wizard update your organization’s DNS records at the registrar. However, if you are going to be configuring advanced scenarios such as Exchange Hybrid for mail coexistence and migration or have other complex requirements, you may want to consider managing the DNS records manually or opting out of select services. Click Continue.

Figure 1.10 – Connecting domain to Microsoft 365

  5. Choose whether to allow Microsoft to add DNS records. Expand the Advanced options drop-down:

     • The first checkbox, Exchange and Exchange Online Protection, manages DNS settings for Outlook and email delivery. If you have an existing Exchange Server deployment on-premises (or another mail service solution), you should clear this checkbox before continuing. You’ll need to come back to configure DNS settings to establish hybrid connectivity correctly. The default selected option means that Microsoft will make the following updates to your organization’s DNS:
         • Your organization’s MX record will be updated to point to Exchange Online Protection.
         • The Exchange Autodiscover record will be updated to point to autodiscover.outlook.com.
         • Microsoft will update your organization’s SPF record with v=spf1 include:spf.protection.outlook.com -all.

Figure 1.11 – Adding DNS records

     • The second setting, Skype for Business, will configure DNS settings for Skype for Business. If you have an existing Skype for Business Online deployment or you’re using Skype for Business on-premises, you may need to clear this box until you verify your configuration:
         • Microsoft will add two SRV records: _sip._tls.@ and _sipfederationtls._tcp@.
         • Microsoft will also add two CNAMEs for Lync: sip. to point to sipdir.online.lync.com and lyncdiscover. to point to webdir.online.lync.com.
     • The third checkbox, Intune and Mobile Device Management for Microsoft 365, configures applicable DNS settings for device registration. It is recommended to leave this enabled:
         • Microsoft will add the following CNAME entries to support mobile device registration and management: enterpriseenrollment. to enterpriseenrollment.manage.microsoft.com and enterpriseregistration. to enterpriseregistration.windows.net.

  6. Click Add DNS records.
  7. If prompted, click Connect to authorize Microsoft to update your registrar’s DNS settings.
  8. Click Done to exit the wizard or View all domains to go back to the Domains page if you need to add more domains.

You can continue adding as many domains as you need (up to the tenant maximum of 900 domains).
ADDING A DOMAIN DEEP DIVE
To review alternative steps and more information about the domain addition process, see https://learn.microsoft.com/en-us/microsoft-365/admin/setup/add-domain.
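
The following Python check is an added example, not code from the book or from Microsoft. It audits a snapshot of a domain's DNS records against the MX, SPF, and CNAME values listed in the steps above, which is useful for spotting drift after the wizard (or anyone else) has changed the zone. The `example.com` snapshot is constructed, the `.mail.protection.outlook.com` MX suffix is an assumption the page does not state, and the Skype for Business SRV records are not checked.

```python
# Added example: audit a DNS snapshot against the records the wizard publishes.
EXPECTED_CNAMES = {  # host label -> target, as listed in the steps above
    "autodiscover": "autodiscover.outlook.com",
    "sip": "sipdir.online.lync.com",
    "lyncdiscover": "webdir.online.lync.com",
    "enterpriseenrollment": "enterpriseenrollment.manage.microsoft.com",
    "enterpriseregistration": "enterpriseregistration.windows.net",
}
SPF_INCLUDE = "include:spf.protection.outlook.com"
EOP_MX_SUFFIX = ".mail.protection.outlook.com"  # assumption: usual EOP MX host suffix

def audit_spf(txt_records):
    """Return findings for the TXT records at the domain apex."""
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:  # RFC 7208: more than one SPF record is a permanent error
        return ["multiple SPF records published"]
    terms = spf[0].lower().split()
    findings = []
    if SPF_INCLUDE not in terms:
        findings.append("SPF lacks " + SPF_INCLUDE)
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if all_terms != ["-all"]:
        findings.append(f"SPF 'all' term is {all_terms or 'absent'}, expected -all")
    return findings

def audit_zone(zone):
    """zone: {'TXT': [...], 'MX': [...], 'CNAME': {label: target}} for one domain."""
    findings = audit_spf(zone.get("TXT", []))
    mx_hosts = [h.rstrip(".").lower() for h in zone.get("MX", [])]
    if not any(h.endswith(EOP_MX_SUFFIX) for h in mx_hosts):
        findings.append("no MX record points to Exchange Online Protection")
    for label, target in EXPECTED_CNAMES.items():
        actual = zone.get("CNAME", {}).get(label)
        if actual is None:
            findings.append(f"CNAME {label} is missing")
        elif actual.rstrip(".").lower() != target:
            findings.append(f"CNAME {label} -> {actual}, expected {target}")
    return findings

# Constructed snapshot for the placeholder domain example.com (not from the page).
SAMPLE_ZONE = {
    "TXT": ["MS=ms00000000", "v=spf1 include:spf.protection.outlook.com ~all"],
    "MX": ["example-com.mail.protection.outlook.com."],
    "CNAME": {**EXPECTED_CNAMES, "sip": "sip.legacy.example.com."},
}

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print("FINDING:", finding)
```

The sample snapshot yields two findings: the SPF record soft-fails with `~all` instead of `-all`, and the `sip` CNAME no longer points to the Microsoft target.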

Summary – Implementing Microsoft Purview Information Protection and Data Lifecycle Management

In this chapter, you learned about some of the important compliance tasks that many organizations face, such as content classification and retention. You learned about the foundational technical concepts around sensitive information types. SITs are used to classify content and can be used in the Microsoft Purview solutions including labeling and retention.

In the next chapter, you’ll apply the SIT knowledge learned here to another compliance concept: data loss prevention.

Exam Readiness Drill – Chapter Review Questions
Benchmark Score: 75%
Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That’s why working on these skills early on in your learning journey is key.

Chapter review questions are designed to improve your test-taking skills progressively with each chapter you learn and review your understanding of key concepts in the chapter at the same time. You’ll find these at the end of each chapter.

Before You Proceed
You need to unlock these resources before you start using them. Unlocking takes less than 10 minutes, can be done from any device, and needs to be done only once. Head over to the start of Chapter 7, Managing Security Reports and Alerts by Using the Microsoft 365 Defender Portal in this book for instructions on how to unlock them.

To open the Chapter Review Questions for this chapter, click the following link:
https://packt.link/MS102E1_CH10. Or, you can scan the following QR code:

Figure 10.57 – QR code that opens Chapter Review Questions for logged-in users

Once you log in, you’ll see a page similar to what is shown in Figure 10.58:

Figure 10.58 – Chapter Review Questions for Chapter 10

Once ready, start the following practice drills, re-attempting the quiz multiple times:

Exam Readiness Drill

For the first 3 attempts, don’t worry about the time limit.

ATTEMPT 1
The first time, aim for at least 40%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix your learning gaps.

ATTEMPT 2
The second time, aim for at least 60%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix any remaining learning gaps.

ATTEMPT 3
The third time, aim for at least 75%. Once you score 75% or more, you start working on your timing.

Tip
You may take more than 3 attempts to reach 75%. That’s okay. Just review the relevant sections in the chapter till you get there.

Working On Timing
Target: Your aim is to keep the score the same while trying to answer these questions as quickly as possible. Here’s an example of what your next attempts should look like:

Table 10.2 – Sample timing practice drills on the online platform

Note
The time limits shown in the above table are just examples. Set your own time limits with each attempt based on the time limit of the quiz on the website.

With each new attempt, your score should stay above 75% while your time taken to complete should decrease. Repeat as many attempts as you want till you feel confident dealing with the time pressure.

On-Premises File Servers – Implementing Microsoft Purview data loss prevention (DLP)

Despite the high rate of adoption for cloud services and infrastructure, many organizations still have a lot of data stored in on-premises repositories such as SharePoint Server or Windows-based file servers. While cloud-based solutions are great for content stored in the cloud, what options are there for applying those same protections to data that hasn’t been migrated?

The answer is easy: Microsoft Purview Data Loss Prevention!

AIP Scanner
Originally branded as the Azure Information Protection scanner in 2018 to help identify sensitive information on-premises, the software has continuously been upgraded with more features. The newest iteration can help support your information protection goals.

Protecting on-premises repositories requires the following tasks to be completed:

• Configuring service accounts
• Deploying the AIP Unified Labeling (UL) client to an on-premises server
• Configuring the scanner settings
• Creating content scan jobs
• Creating an Azure app registration
• Deploying the AIP scanner to an on-premises server
• Configuring a DLP policy that includes on-premises repositories

As you can see, there are several pieces involved. Figure 11.9 shows the components in the on-premises DLP deployment:

Figure 11.9 – On-premises DLP architecture

The DLP architecture utilizes one or more on-premises servers configured with the AIP UL client and the AIP scanner. These servers query the DLP policies from the Microsoft Purview compliance portal, store service information in an on-premises SQL database, and are used to discover content in on-premises file shares and SharePoint sites.

Note
For production deployments, Microsoft recommends using a full version of SQL Server. For lab environments, you can use SQL Express. To download SQL Express, see https://www.microsoft.com/en-us/Download/details.aspx?id=101064.

Configuring a Service Account
For the scanner deployment, you’ll need two accounts—an on-premises account that has access to the file shares and SharePoint document libraries containing content to protect, and either a synchronized or cloud identity that will be used to access the Microsoft 365 service. They can be the same account (this may even make it easier from a deployment perspective). The AIP service does not currently support using a Managed Service Account (MSA) or group Managed Service Account (gMSA).

Deploying the AIP UL client
The first step in deploying the Microsoft Purview compliance solution on-premises is to ensure the server(s) you’ll be using have the most recent AIP UL client. Follow these steps to deploy the client:

  1. On the server(s) where you will configure the Microsoft Purview Information Protection Scanner cluster, navigate to https://aka.ms/aipclient to download the client. Either the .msi or .exe download is suitable.
  2. Once it has downloaded, launch the installer.
  3. Select I agree to proceed with the installation. Setup begins, as shown in Figure 11.10.

Figure 11.10 – AIP UL client installation

  4. Click Close to exit the installer.

Next, it’s time to move on to the scanner cluster installation.

Teamwork habits – Monitoring Microsoft 365 Tenant Health

Viva Insights Teamwork habits, part of the premium Viva Insights experience, allows managers to gain additional recommendations for managing people. Teamwork habits helps managers identify regular after-hours work, meeting overload conditions, and a lack of dedicated focus time.

Managers can set up their teams by manually adding users, though they can use the suggested list if the manager property has been configured in Active Directory or Azure Active Directory:

Figure 2.25 – Confirming team members

Three additional core features of Teamwork habits are as follows:

  • Scheduling recurring 1:1 time with managed employees
  • Gathering quiet hours impact to determine how work habits impact employees outside of their configured working hours
  • Shared plans for no-meeting days and shared focus times

Organizations that have the Teamwork habits tools available can improve their employees’ well-being and work-life balance. The Teamwork habits feature requires a separate Microsoft Viva Insights license.

Organization trends

The Organization trends tab shows business leader and manager insights to help understand how to effectively manage your teams, such as identifying work patterns:

Figure 2.26 – Organization trends

Organization trend data is privacy-oriented, requiring a minimum of 10 people (including the manager) to be in the management chain, either directly or indirectly. In addition, access to organization trends requires granting access to manager insights through the Viva setup.

Advanced insights

Microsoft Viva Advanced Insights is a reporting tool that provides research-based behavioral insights into organizational work patterns, such as hybrid work, work-life balance, and employee well-being.

The Advanced Insights reporting tool comes with several built-in templates and analysis tools to help organizations understand everything, from meeting effectiveness to employee performance trends correlated to manager 1:1 meetings:

Figure 2.27 – Viva Insights manager coaching report

With large organizational changes such as hybrid and remote work scenarios, it can be important to understand how those work patterns affect performance, including interesting data points such as how much time is spent during meetings multitasking, or how much work is getting done outside normal business hours:

Figure 2.28 – Advanced insights working hours details

The Advanced Insights Power BI report templates provide an analysis of employee engagement and work patterns. Here are the reports:

  • Business resilience: Overall business report highlighting performance and employee well-being
  • Hybrid workforce experience: This report highlights how different work modes (onsite, hybrid, and remote) affect workers
  • Manager effectiveness: This report provides insight into patterns for people managers
  • Meeting effectiveness: This report captures and displays information on meeting statistics such as how many meetings happen at short notice or how much multitasking occurs during meetings
  • Ways of working: This data helps answer questions such as, “Are employees receiving enough 1:1 coaching time?” and “Who generates the most work by organizing meetings?”
  • Wellbeing – balance and flexibility: This reporting data is used to identify whether employees have enough time to focus on core priorities and balance that with breaks and time away from work

For more information on the advanced insights templates and their reporting capabilities, see https://learn.microsoft.com/en-us/viva/insights/advanced/analyst/templates/introduction-to-templates.