O365 IT Risk & Health Scanner

Can O365 IT Risk & Health Scanner be used to do health check of just Active Directory Forests?

O365 IT Risk & Health Scanner supports Active Directory as the assessment target. Though different targets are supported by O365 IT Risk & Health Scanner, main target is the Active Directory Forest under which all other targets such as Microsoft Hyper-V, Exchange Servers, and SQL Servers, operates. Every Active Directory Forest that needs to be checked via O365 IT Risk & Health Scanner must be registered and discovered in O365 IT Risk & Health Scanner. Active Directory Forests running Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 are supported. Other targets are supported via Dynamic Packs.

Can I design Dynamic Packs to target systems other than Active Directory?

O365 IT Risk & Health Scanner supports other targets through Dynamic Packs. You can utilize Packs Manager to design Dynamic Packs for other targets. However, before you start to design Dynamic Packs you need to search for PowerShell Cmdlet. For example, if you wish to design a Dynamic Pack to gather Virtual Machines running on a Hyper-V Server, you must know the PowerShell Cmdlet that can be used to perform the required task by the Dynamic Pack. For example, Get-VM PowerShell cmdlet can be used to collect Virtual Machine information from target Hyper-V Servers.

Does O365 IT Risk & Health Scanner require Enterprise Admins and Domain Admins credentials?

O365 IT Risk & Health Scanner requires a “normal” domain user account to collect information from Active Directory Forest except a few Dynamic Packs that need special privileges. The following Dynamic Packs require Domain Admin or Local Admin access to the Domain Controllers in order to connect and collect the required information from Domain Controllers:

  • Get Domain Controller Up Time
  • Get Domain Controller Services Status
  • Get Domain Controller Local Disks

Other than above Dynamic Packs, all Dynamic Packs can be executed under a normal AD user account who is part of Domain Users Security group in the domain.

Can I Do Health Assessment Of Multiple Active Directory Forests?

Every assessment profile that you create in O365 IT Risk & Health Scanner contains an AD Forest as the assessment target. If you have registered another Active Directory Forest in O365 IT Risk & Health Scanner, you can create another profile and then add the AD Forest. Same AD Forest can be used in more than one profile. For example, if you have registered three Active Directory Forests as Target in O365 IT Risk & Health Scanner then you can add three AD Forests to three or more profiles which, in turn, allows the health assessment of multiple Active Directory Forests.

O365 IT Risk & Health Scanner Can Be Executed Under A Different Set Of Credential?

Multiple credentials can be added to allow execution of Assessment Profiles under alternate credentials.

Does O365 IT Risk & Health Scanner Perform Any Write Operations In Active Directory?

No. The O365 IT Risk & Health Scanner is a read only product. It does not write anything to the target systems.

Can I Modify Existing Dynamic Packs?

You can modify existing Dynamic Packs using the Packs Manager that is available as an Add-On product. You can also create new Dynamic Packs using Packs Manager.

Is Support Available For O365 IT Health & Risk Scanner?

Support is available to registered users. We provide one year technical support for O365 IT Health & Risk Scanner and Dynamic Packs.

My Currently Logged On Credentials Do Not Allow To Connect To Active Directory Forest

O365 IT Health & Risk Scanner supports executing Profiles under different set of credentials. All you need to do is add credentials and then select the credential when executing Profile or individual Dynamic Packs.

What Are the Supported Scenarios for O365 IT Risk & Health Scanner?

O365 IT Risk & Health Scanner supports multiple scenarios as listed below:

Scenario 1: O365 IT Health & Risk Scanner computer is NOT part of Active Directory domain: In Scenario 1 you will be required to add credentials under O365 IT Risk & Health Scanner. This scenario is sometimes referred to as running O365 IT Risk & Health Scanner on an Admin computer which can do assessment of all managed AD Forests from a single computer.

Scenario 2: O365 IT Health & Risk Scanner computer is part of Active Directory domain: In Scenario 2 you can use Locally Logged On Credential to connect to AD Forest.


How Does Licensing Work?

There are 2 components to the license

1. O365 IT Risk & Health Scanner Execution SubSystem License (Professional or Enterprise)

2. AD Forest License

Do I Need To Buy Active Directory Health Profiler Every Year?

We charge one-time fee for AD Health Profiler Execution SubSystem. The AD Health Profiler is a powerful execution SubSystem that you will have to buy in order to execute the Dynamic Packs.

Can I Manage Multiple Active Directory Forests Using Ad Health Profiler?

You must buy AD Forest Licenses apart from purchasing Active Directory Health Profiler Execution SubSystem. In case you need to manage multiple Active Directory Forest or do a health assessment of multiple Active Directory Forests, you must buy Additional AD Forest licenses.

Do I Need To Renew AD Forest License Every Year?

AD Forest License will be available to you for one year. You must buy Additional AD Forest licenses in following conditions:

  • You would like to renew existing AD Forest License.
  • You have to add an additional Active Directory Forest under the management of Active Directory Health Profiler.
What is the validity of Licenses?

The execution subsystem license comes with perpetual validity. The AD Forest license is valid for 1 calendar year from the date of activation.

What is the difference between Professional and Enterprise Licenses?

Professional licenses only enable assessments of 1 technology – Active Directory.

Enterprise Licenses enable assessments of Active Directory + other technologies like Exchange, Azure, Hyper-V, etc.

How many Dynamic Packs come with the licenses?

Both Professional and Enterprise Versions ship with 74 Active Directory Dynamic Packs included.

The Enterprise Version ships with _____ additional Hybrid packs for technologies other than Active Directory – Azure, Office 365, Exchange Server, Hyper-V, SQL Server, System Center, etc.

Does my license include future releases of Dynamic Packs?

The non-premium packs, when made available will be up for download for free when they get released. Just head over to your solution’s import packs utility.

What if a health check we want is not available as a Dynamic Pack?

You could either utilize the Packs Manager add-on to design a custom health check or edit existing Dynamic Packs.


You may request a custom Dynamic Pack by clicking “Request Dynamic Pack” button within Import Packs.

Are feature upgrades to the execution sub system included in the License?

All licenses include future updates to the O365 IT Scanner execution sub system for _______ year/s.

What updates are covered in your product licenses?

Based on your license type (Professional or Enterprise), you will get updates to O365 IT Health & Risk Scanner.

How do I find out more about the pricing?

The prices are based upon the size of your infrastructure, the number of AD forests, Domain Controllers, other technologies within your infrastructure, etc. For a quote, provide our sales team some details about the size of your infrastructure.

What support is provided after purchase?

We provide technical support for the solution for 1 calendar year from the date of purchase. Any problems with the solution will be dealt with upon bring brought to our attention.

What happens if I have trouble resolving the issues diagnosed by the O365 IT Scanner?

If you don’t have the technical experts needed to fix the issues, or if your technical experts are busy on other assignments; you may request assistance from within the Execute Assessment pane. Clicking on Fix instructions or Fix Script will have us come in with one of our Microsoft Certified Engineers to fix the problems in your environment.


What Are The Requirements To Run O365 IT Risk & Health Scanner?

Note that before you can use Active Directory Health Profiler, you need to ensure you install Active Directory Health Profiler on a supported Windows Operating System and have required software installed. The following is the minimum requirements for AD Health Profiler:

  • Operating System: We have tested AD Health Profiler on Windows Server 2012 and Windows Server 2012 R2 Operating Systems. However, as long as you are running RSAT for Windows Server 2012/R2 on a Windows Operating System other than Windows Server 2012 and Windows Server 2012 R2, you can try running on other Windows Operating Systems.
  • PowerShell: Since AD Health Profiler uses Dynamic Packs that are designed using PowerShell cmdlets, you are required to install PowerShell Modules for the target managed by the Health Profile. For example, if Health Profile contains Active Directory as a Target, you’re required to install Active Directory PowerShell modules on the AD Health Profiler computer.
  • Local Administrator: This is required to install the AD Health Profiler on the computer.
Does O365 IT Risk & Health Scanner Require Antivirus Exclusion?

You are required to exclude C:ProgramDataDynamicPacksTechnologies folder from antivirus. AD Health Profiler Execution SubSystem creates PowerShell scripts on fly for execution. Some antivirus products might block execution of scripts.


Schedule a Demo