O365 IT Risk & Health Scanner supports unlimited assessment targets. An Active Directory Forest is a target in O365 IT Risk & Health Scanner terminology. Though different targets are supported by O365 IT Risk & Health Scanner, main target is Active Directory Forest under which all other targets such as Microsoft Hyper-V, Exchange Servers, and SQL Servers, operate. Every Active Directory Forest that needs to be checked via O365 IT Risk & Health Scanner must be registered and discovered. Active Directory Forests running Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 are supported.
Assessment Profiles are backbone of O365 IT Risk & Health Scanner. An Assessment Profile targets and Dynamic Packs. In O365 IT Risk & Health Scanner, we can create multiple assessment profiles containing separate AD Forests and Dynamic Packs of your choice.
One of the benefits O365 IT Risk & Health Scanner provides is that it supports importing new Dynamic Packs from Dynamic Packs Server and/or from Dynamic Pack file/bundle. You can design new Dynamic Packs and import into O365 IT Risk & Health Scanner.
O365 IT Risk & Health Scanner not just performs health and risk Checks, but also reports issue severity and recommendations to fix the issues. The Issue Severity and Recommendations are defined in the Dynamic Packs which can be modified using Packs Manager.
If you are managing multiple Active Directory Forests under O365 IT Risk & Health Scanner, you can add credentials for each Active Directory Forest. Once credentials are added O365 IT Risk & Health Scanner can connect to AD Forest managed by the Assessment Profile and do the assessment.
Currently, O365 IT Risk & Health Scanner ships with Microsoft Active Directory, Office 365 & Azure, and Hyper-V Dynamic Packs. We continue to design new Dynamic Packs and make them available for use with O365 IT Risk & Health Scanner.
In case you need to perform Health and Risk Check of a specific technology component let’s say Azure or VMWare, either you can use Packs Manager to design the Dynamic Packs or request us to design for you.
We design new Dynamic Packs every month. You can import new Dynamic Packs from within the O365 IT Risk & Health Scanner console and use them.
O365 IT Scanner lets you Import and Export Assessment Profiles. There are various reasons as to why you would want to export an Assessment Profile as listed below:
A Dynamic Pack consists of PowerShell code. Dynamic Packs can be used to perform Health Check and collect information from targets. Currently, O365 IT Risk & Health Scanner provides 101 Dynamic Packs for Active Directory and 67 Dynamic Packs for O3365 and Azure. All of Dynamic Packs are written by industry experts such as Microsoft MVPs and IT Experts. You can design more Dynamic Packs by using Dynamic Packs Manager. Here is the list of Microsoft Active Directory Dynamic Packs that ship with O365 IT Risk & Health Scanner:
|Category||Dynamic Pack||Credential Requirement||Description|
|AD Domain Computers Health Checks||Domain Computers Operating Systems Test||Domain User||Domain Computers Operating Systems Test|
|AD Domain Security Groups Health Checks||Domain Duplicate Security Groups Test||Domain User||Dynamic Pack collects duplicate security groups in each domain.|
|AD Domain GPO Health Checks||Domain GPOs No Override Test||Domain User||Dynamic Pack checks to see how many GPOs have been configured with.|
O365 IT Risk & Health Scanner requires following components to be installed:
O365 IT Risk & Health Scanner must be running on one of the below Operating Systems:
Important: O365 IT Risk & Health Scanner can run on a member computer. It doesn’t have to be a domain controller.
Since O365 IT Risk & Health Scanner executes PowerShell-based scripts on fly, you will be required to whitelist following directory in your Antivirus:
Access Requirements for O365 IT Risk & Health Scanner depends as listed below:
Scenario 1: O365 IT Risk & Health Scanner computer is NOT part of Active Directory domain: In Scenario 1 you will be required to add credentials under O365 IT Risk & Health Scanner. This scenario is sometimes referred to as running O365 IT Risk & Health Scanner on an Admin computer which can do assessment of all managed AD Forests from a single computer.
Scenario 2: O365 IT Risk & Health Scanner computer is part of Active Directory domain: In Scenario 2 you can use Locally Logged On Credential to connect to AD Forest.
Once you have finished executing Assessment Profiles you can work with the Reporter to generate a summary that contains issues items and excel issues summary that contains the affected objects. The Reporter supports following features:
O365 IT Scanner comes with three reporting templates and these templates can be modified to suit your reporting requirements.
O365 IT Health & Risk Scanner supports delegating assessment to multiple teams within an organisation. As part of the assessment delegation feature, you create multiple Assessment Profiles that contain Dynamic Pack for different technologies. For example, you can create an Assessment Profile that contains the Dynamic Packs for Active Directory and then delegate that profile to AD Administrators. Similarly, you create another Assessment Profile that contains the Dynamic Packs for SQL Server and then delegate that profile to SQL Administrators and so on.
It is easy as pie to implement O365 IT Scanner Assessment Delegation Feature. You will be required to create two security groups in the root domain of an Active Directory Forest. The Group; O365ITScanner_Admins contains the list of admins that can have full control over Scanner and O365ITScanner_Delegated security group contains the list of admins that are delegated.
O365 IT Risk & Health Scanner is a unique solution and dynamic in nature. We provide two components as part of the O365 IT Risk & Health Scanner; O365 IT Health & Risk Scanner Execution SubSystem and Dynamic Packs.
As it is shown in the figure above, you will perform simple four steps; preparing the Scanner/SubSystem, registering the targets, creating Assessment Profiles, adding Dynamic Packs to the Assessment Profiles and then executing the Assessment Profiles.
Schedule a Demo