Office 365 Monitoring: An Introductory Guide

The cloud has transformed the IT world. It’s cost-efficient, scalable, secure, and provides many other benefits. According to TechJury, 81% of organizations have at least one application running on the cloud. With such a high number of organizations using the cloud and more joining this list every day, the cloud has become an integral part of many organizations.

Cloud typically provides three types of services:

  1. Infrastructure as a service (IaaS)
  2. Platform as a service (PaaS)
  3. Software as a service (SaaS)

Different organizations use different services. When major organizations saw people liking the concept of the cloud, most of them moved their on-premises applications to SaaS-based offerings. With this transition, it also became important to monitor cloud-based services, applications, and infrastructure. In this post, we’ll discuss one such SaaS—Office 365. We’ll start by understanding what Office 365 is and why you should monitor it, then we’ll go into how to monitor it.

What Is Office 365?

Office 365, now called Microsoft 365, is a SaaS-based suite of subscription services by Microsoft. This suite consists of traditional Office products such as Word, Excel, PowerPoint, etc. and services such as Exchange, Graph, Planner, Teams, Stream, and a lot more. With Office 365, you have all the benefits of the cloud, and based on your subscription, you can also get services for security. Some of the notable reasons why one should move to Office 365 are as follows:

  • Increased accessibility
  • Data backup
  • Encryption
  • Data loss prevention
  • Mobile device management
  • Threat Intelligence
  • Azure Active Directory
  • Compliance

So Office 365 has almost everything you need for your enterprise. You can find the complete list of features here.

What Is Office 365 Monitoring?

Office 365 offers a wide range of tools and services. If you’re an organization that uses Office 365 or you’re planning to switch to Office 365, you’ll depend on these services. Therefore, it’s important to make sure these services are working fine. And Office 365 also helps you with that.

Along with a wide range of tools and services, Office 365 provides another feature that’s important to every organization for visibility—logging. Office 365 logs almost every activity and also provides information on performance, usage, and services. Be it admin activities such as managing accounts and permissions or modifying policies or user activities such as user login, sending emails, or accessing a file, Office 365 logs these activities. This helps stakeholders understand what’s happening in their organization.

Office 365 monitoring is a process of observing, reviewing, and managing Office 365 services and applications with the purpose of making sure these services and applications are working with minimal downtime. Now let’s understand why monitoring Office 365 is important.

Why Office 365 Monitoring Is Important

We’ve already established the magnitude of services Office 365 provides. Different services are responsible for different aspects of keeping an organization up and running. For example, security services are helpful in identifying and preventing potential threats or suspicious activity. But these services are only useful if they’re performing well. If any of these services are down, it could majorly impact an organization. For example, if a service that authorizes users to access an object is down or malfunctioning, it could give access to users who aren’t supposed to access that object. Or it could prevent legit users who have permissions from accessing the object.

Office 365 monitoring helps you get visibility. You can understand when something isn’t working and how your environment is performing. When using Office 365, you not only realize when a service fails but also understand when a service isn’t performing well and when something might fail due to overload.

Office 365 provides a dashboard that shows you the health of services. But it doesn’t give you more insights on what’s affecting the performance. Office 365 monitoring might help you spot the root cause for an issue. Also, in many cases, you can identify the problem even before it starts affecting the workflow. Therefore, monitoring Office 365 is very important.

Now that we’ve understood what Office 365 is, as well as what Office 365 monitoring is and why it’s important, let’s go through how to monitor it.

How to Monitor Office 365

Office 365 provides information about services and features and their statuses. It can also send notifications when some conditions are triggered or some event happens. But that’s not enough. There are different things you have to monitor. Like I said earlier, there are different services, and monitoring each of them is important. There are also different ways you can monitor Office 365. You can build something in-house for your custom needs, or you can use already available monitoring tools.

Let’s look at some of the existing tools.

Office 365 API

A simple way to get Office 365 data is by using Office 365’s API, Microsoft Graph. The Graph API offers a single endpoint to access the data of Microsoft 365, Windows 10, and Enterprise Mobility and Security. Graph is simple to use, but it’s not perfect and doesn’t provide everything you need for Office 365 monitoring. There are known issues in Graph that would leave holes in monitoring. Some of them are as follows:

  • Some application properties are available only after all changes are completed. Examples include appRoles and addIns.
  • Single-tenant applications can’t be registered.
  • Policy assignments to an application will fail.

The API is enough to get a piece of information quickly, but it lacks a lot of what complete Office 365 monitoring requires.

Office 365 Logs

One of the most useful features of Office 365 is logging. Logs are an excellent source of information, and when you process these logs, they can be very useful. You can direct logs to a data collector, parse them, and store them in data storage. Subsequently, you can use open-source tools to get the specific information you need. You’ll also need to build or use a visualization dashboard to understand the data easily. As you can see, there are a lot of steps involved. This is a good option if you’re building a complete product and making a business from it. It gives you complete control. However, it can require a lot of resources for someone who’s looking for a simple, quick, powerful solution.
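The parse-and-query steps described above, as an added example (not code from the original post): it normalizes audit records, skips malformed rows, and flags repeated failed logins and role changes. Field names follow the common Office 365 audit record schema; the sample records, the threshold, the time window, and the watched operation are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real tenant data); the last row is truncated
# on purpose to show how a collector should handle malformed input.
SAMPLE_LOG = """\
{"CreationTime":"2024-05-01T09:00:05","Operation":"UserLoginFailed","UserId":"Alice@example.com","ClientIP":"203.0.113.7"}
{"CreationTime":"2024-05-01T09:00:40","Operation":"UserLoginFailed","UserId":"alice@example.com","ClientIP":"203.0.113.7"}
{"CreationTime":"2024-05-01T09:01:55","Operation":"UserLoginFailed","UserId":"alice@example.com","ClientIP":"203.0.113.7"}
{"CreationTime":"2024-05-01T09:02:10","Operation":"UserLoginFailed","UserId":"bob@example.com","ClientIP":"198.51.100.4"}
{"CreationTime":"2024-05-01T09:03:00","Operation":"UserLoggedIn","UserId":"alice@example.com","ClientIP":"203.0.113.7"}
{"CreationTime":"2024-05-01T09:10:00","Operation":"Add member to role.","UserId":"admin@example.com","ClientIP":"192.0.2.10"}
{"CreationTime":"2024-05-01T09:11:00","Operation":"FileAcc
"""

def parse(text):
    """Turn JSON lines into time-sorted events; count malformed rows, don't crash."""
    events, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            events.append({"time": datetime.fromisoformat(rec["CreationTime"]),
                           "op": rec["Operation"],
                           "user": rec.get("UserId", "").lower(),
                           "ip": rec.get("ClientIP", "")})
        except (ValueError, KeyError, TypeError):
            bad += 1
    return sorted(events, key=lambda e: e["time"]), bad

def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {(user, ip): count} where failures inside `window` reach `threshold`."""
    recent, alerts = defaultdict(list), {}
    for e in events:
        if e["op"] != "UserLoginFailed":
            continue
        key = (e["user"], e["ip"])
        recent[key] = [t for t in recent[key] if e["time"] - t <= window] + [e["time"]]
        if len(recent[key]) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(recent[key]))
    return alerts

def role_changes(events, watched=("Add member to role.",)):
    """Admin activity worth reviewing; `watched` is an assumed starting list."""
    return [(e["user"], e["time"].isoformat()) for e in events if e["op"] in watched]

if __name__ == "__main__":
    evts, skipped = parse(SAMPLE_LOG)
    print(failed_login_bursts(evts), role_changes(evts), f"skipped={skipped}")
```

Tracking the skipped-row count matters in practice: a sudden rise usually means the collector is truncating records, which silently creates gaps in detection.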

Third-Party Monitoring Tools

If you want a ready-made solution for monitoring with a simple and quick setup, then third-party tools are your thing. These tools are developed with every aspect of Office 365 monitoring in mind. Some tools have impressive visualization and filtering capabilities that make it easy for you to get the information you need. Tools like Netreo provide more than the basic features, such as the following:

  • Synthetic checks to the major services
  • IT spend for Microsoft 365
  • Remediation of issues with PowerShell scripts
  • Detection of anomalous behavior
  • Automated root-cause analysis

Using a powerful tool can make Office 365 monitoring like a walk in the park. You can not only see what’s happening but also automate actions to perform.

That being said, what approach would be best for you depends on your use case and your affordability. But when Office 365 is providing so much, it would be best to make use of it. The next question that needs to be answered is “What should I monitor?” To address that, let’s look at some of the most important metrics to monitor for availability and performance.

What to Monitor

Office 365 monitoring can be categorized into two main types:

  1. Service metrics
  2. Feature metrics

Service metrics, as the name suggests, are related to the service as a whole. These metrics are good for getting a high-level understanding of a service. Services are made up of different features. So if you want to get specifics, you need to drill down to feature metrics. Based on how detailed you want the data to be and what you’re looking at specifically, you’ll have to monitor various metrics.

Let’s look at some of the common performance metrics.

Status

This is a simple metric to get a high-level idea of a service or feature. Status gives you information about the health of a service or feature. Usually, status is represented with colors: green, yellow, and red.

Resource Utilization

This metric tells you how much of your resources your services or entities are using. Resources can’t be stored for later use. Too little or too much resource utilization is bad. You have to make sure that the resource utilization is optimal to make the best out of it. If resource utilization is consistently high and is causing issues, it might be an indicator for you to upgrade your resources.

Storage

Wherever there is data, there has to be storage. Office 365 involves large amounts of data. The storage metric gives you details about how much storage is being used and how much storage is available. Lack of storage might cause services to fail, not to mention that it would affect user workflow.

Response Time

Response time is the time from when a request is made to the time when it is complete. In Office 365, response time can be measured for various things—for example, email response time. Response time can help you identify different kinds of issues with resources, networks, or the way you’re using a service/feature.

These are generic performance metrics, and any organization can use these. Besides performance, you can also monitor security, anomalous behavior, user activity, etc. It all comes down to what you want to monitor.

Conclusion

Office 365 provides a wide range of services for enterprises. It also makes admin tasks easy. When you switch to a SaaS-based solution like Office 365, your workflow will depend on a lot of services that Office 365 provides. Therefore it’s important to monitor it. We went through different metrics to monitor, but they’re just the baseline. It goes without saying that you need to monitor more in order to increase visibility.

We’ve discussed different approaches for Office 365 monitoring and their pros and cons. I would suggest using third-party tools because they provide a wider range of features than Office 365 provides, and they do so in real time. And when two powerful systems come together, the outcome can be impressive. So if you’re looking for an Office 365 monitoring solution, feel free to check out Netreo.

This post was written by Omkar Hiremath. Omkar is a cybersecurity team lead who is enthusiastic about cybersecurity, ethical hacking, and Python. He is keenly interested in bug bounty hunting and vulnerability analysis.
