Frequently Asked Questions about O365 IT Scanner

O365 IT Risk & Health Scanner supports Active Directory as the assessment target. Though different targets are supported by O365 IT Risk & Health Scanner, main target is the Active Directory Forest under which all other targets such as Microsoft Hyper-V, Exchange Servers, and SQL Servers, operates. Every Active Directory Forest that needs to be checked via O365 IT Risk & Health Scanner must be registered and discovered in O365 IT Risk & Health Scanner. Active Directory Forests running Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 are supported. Other targets are supported via Dynamic Packs.

O365 IT Risk & Health Scanner supports other targets through Dynamic Packs. You can utilize Packs Manager to design Dynamic Packs for other targets. However, before you start to design Dynamic Packs you need to search for PowerShell Cmdlet. For example, if you wish to design a Dynamic Pack to gather Virtual Machines running on a Hyper-V Server, you must know the PowerShell Cmdlet that can be used to perform the required task by the Dynamic Pack. For example, Get-VM PowerShell cmdlet can be used to collect Virtual Machine information from target Hyper-V Servers.

O365 IT Risk & Health Scanner requires a “normal” domain user account to collect information from Active Directory Forest except a few Dynamic Packs that need special privileges. The following Dynamic Packs require Domain Admin or Local Admin access to the Domain Controllers in order to connect and collect the required information from Domain Controllers:

• Get Domain Controller Up Time
• Get Domain Controller Services Status
• Get Domain Controller Local Disks

Other than above Dynamic Packs, all Dynamic Packs can be executed under a normal AD user account who is part of Domain Users Security group in the domain.

Every assessment profile that you create in O365 IT Risk & Health Scanner contains an AD Forest as the assessment target. If you have registered another Active Directory Forest in O365 IT Risk & Health Scanner, you can create another profile and then add the AD Forest. Same AD Forest can be used in more than one profile. For example, if you have registered three Active Directory Forests as Target in O365 IT Risk & Health Scanner then you can add three AD Forests to three or more profiles which, in turn, allows the health assessment of multiple Active Directory Forests.

Multiple credentials can be added to allow execution of Assessment Profiles under alternate credentials.

No. The O365 IT Risk & Health Scanner is a read only product. It does not write anything to the target systems.

You can modify existing Dynamic Packs using the Packs Manager that is available as an Add-On product. You can also create new Dynamic Packs using Packs Manager.

Support is available to registered users. We provide one year technical support for O365 IT Health & Risk Scanner and Dynamic Packs.

O365 IT Health & Risk Scanner supports executing Profiles under different set of credentials. All you need to do is add credentials and then select the credential when executing Profile or individual Dynamic Packs.

O365 IT Risk & Health Scanner supports multiple scenarios as listed below:

Scenario 1: O365 IT Health & Risk Scanner computer is NOT part of Active Directory domain: In Scenario 1 you will be required to add credentials under O365 IT Risk & Health Scanner. This scenario is sometimes referred to as running O365 IT Risk & Health Scanner on an Admin computer which can do assessment of all managed AD Forests from a single computer.

Scenario 2: O365 IT Health & Risk Scanner computer is part of Active Directory domain: In Scenario 2 you can use Locally Logged On Credential to connect to AD Forest.

There are 2 components to the license

1. O365 IT Risk & Health Scanner Execution SubSystem License (Professional or Enterprise)

2. AD Forest License

We charge one-time fee for AD Health Profiler Execution SubSystem. The AD Health Profiler is a powerful execution SubSystem that you will have to buy in order to execute the Dynamic Packs.

You must buy AD Forest Licenses apart from purchasing Active Directory Health Profiler Execution SubSystem. In case you need to manage multiple Active Directory Forest or do a health assessment of multiple Active Directory Forests, you must buy Additional AD Forest licenses.

AD Forest License will be available to you for one year. You must buy Additional AD Forest licenses in following conditions:

• You would like to renew existing AD Forest License.
• You have to add an additional Active Directory Forest under the management of Active Directory Health Profiler.

The execution subsystem license comes with perpetual validity. The AD Forest license is valid for 1 calendar year from the date of activation.

Professional licenses only enable assessments of 1 technology – Active Directory.

Enterprise Licenses enable assessments of Active Directory + other technologies like Exchange, Azure, Hyper-V, etc.

Both Professional and Enterprise Versions ship with 74 Active Directory Dynamic Packs included.

The Enterprise Version ships with _____ additional Hybrid packs for technologies other than Active Directory – Azure, Office 365, Exchange Server, Hyper-V, SQL Server, System Center, etc.

The non-premium packs, when made available will be up for download for free when they get released. Just head over to your solution’s import packs utility.

You could either utilize the Packs Manager add-on to design a custom health check or edit existing Dynamic Packs.

Or

You may request a custom Dynamic Pack by clicking “Request Dynamic Pack” button within Import Packs.

All licenses include future updates to the O365 IT Scanner execution sub system for _______ year/s.

Based on your license type (Professional or Enterprise), you will get updates to O365 IT Health & Risk Scanner.

The prices are based upon the size of your infrastructure, the number of AD forests, Domain Controllers, other technologies within your infrastructure, etc. For a quote, provide our sales team some details about the size of your infrastructure.

We provide technical support for the solution for 1 calendar year from the date of purchase. Any problems with the solution will be dealt with upon bring brought to our attention.

If you don’t have the technical experts needed to fix the issues, or if your technical experts are busy on other assignments; you may request assistance from within the Execute Assessment pane. Clicking on Fix instructions or Fix Script will have us come in with one of our Microsoft Certified Engineers to fix the problems in your environment.

Note that before you can use Active Directory Health Profiler, you need to ensure you install Active Directory Health Profiler on a supported Windows Operating System and have required software installed. The following is the minimum requirements for AD Health Profiler:

• Operating System: We have tested AD Health Profiler on Windows Server 2012 and Windows Server 2012 R2 Operating Systems. However, as long as you are running RSAT for Windows Server 2012/R2 on a Windows Operating System other than Windows Server 2012 and Windows Server 2012 R2, you can try running on other Windows Operating Systems.
• PowerShell: Since AD Health Profiler uses Dynamic Packs that are designed using PowerShell cmdlets, you are required to install PowerShell Modules for the target managed by the Health Profile. For example, if Health Profile contains Active Directory as a Target, you’re required to install Active Directory PowerShell modules on the AD Health Profiler computer.
• Local Administrator: This is required to install the AD Health Profiler on the computer.

You are required to exclude C:ProgramDataDynamicPacksTechnologies folder from antivirus. AD Health Profiler Execution SubSystem creates PowerShell scripts on fly for execution. Some antivirus products might block execution of scripts.