O365 IT Health
& Risk Scanner

Safety for your clients

Perform a complete health and risk assessment of Microsoft key server technologies and minimise disruption in your business by finding critical and high issues.

See It Work

O365 IT Scanner is a robust Execution SubSystem which leverages PowerShell-based Dynamic Packs to perform checks on targets managed by O365 IT Scanner.
  • Design your own health check
  • Delegate technology assessment.
  • Assess multiple AD Forests from single computer.
  • Customized Reporting.
  • Import new Dynamic Packs as they are available.

Explore Features

Unlimited Assessment Targets

O365 IT Risk & Health Scanner supports unlimited assessment targets. An Active Directory Forest is a target in O365 IT Risk & Health Scanner terminology. Though different targets are supported by O365 IT Risk & Health Scanner, main target is Active Directory Forest under which all other targets such as Microsoft Hyper-V, Exchange Servers, and SQL Servers, operate. Every Active Directory Forest that needs to be checked via O365 IT Risk & Health Scanner must be registered and discovered. Active Directory Forests running Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 are supported.

Unlimited Assessment Profiles

Assessment Profiles are backbone of O365 IT Risk & Health Scanner. An Assessment Profile targets and Dynamic Packs. In O365 IT Risk & Health Scanner, we can create multiple assessment profiles containing separate AD Forests and Dynamic Packs of your choice.

Dynamic Solution

One of the benefits O365 IT Risk & Health Scanner provides is that it supports importing new Dynamic Packs from Dynamic Packs Server and/or from Dynamic Pack file/bundle. You can design new Dynamic Packs and import into O365 IT Risk & Health Scanner.

Report Issues, Severity and Recommendations

O365 IT Risk & Health Scanner not just performs health and risk Checks, but also reports issue severity and recommendations to fix the issues. The Issue Severity and Recommendations are defined in the Dynamic Packs which can be modified using Packs Manager.

Credential Support

If you are managing multiple Active Directory Forests under O365 IT Risk & Health Scanner, you can add credentials for each Active Directory Forest. Once credentials are added O365 IT Risk & Health Scanner can connect to AD Forest managed by the Assessment Profile and do the assessment.

Hybrid Dynamic Packs

Currently, O365 IT Risk & Health Scanner ships with Microsoft Active Directory, Office 365 & Azure, and  Hyper-V Dynamic Packs. We continue to design new Dynamic Packs and make them available for use with O365 IT Risk & Health Scanner.

Design Your Own Health Check or Customize Existing Health Checks

In case you need to perform Health and Risk Check of a specific technology component let’s say Azure or VMWare, either you can use Packs Manager to design the Dynamic Packs or request us to design for you.

Import Dynamic Packs from Server

We design new Dynamic Packs every month. You can import new Dynamic Packs from within the O365 IT Risk & Health Scanner console and use them.

Import/Export Assessment Profiles

O365 IT Scanner lets you Import and Export Assessment Profiles. There are various reasons as to why you would want to export an Assessment Profile as listed below:

  • You have done an Assessment for a customer and would like to export the Assessment Profile so you can review the data provided by the Assessment Profile on your work computer.
  • You need to make the Assessment Profile data available to another O365 IT Scanner computer installed in your environment.

A Dynamic Pack consists of PowerShell code. Dynamic Packs can be used to perform Health Check and collect information from targets. Currently, O365 IT Risk & Health Scanner provides 101 Dynamic Packs for Active Directory and 67 Dynamic Packs for O3365 and Azure. All of Dynamic Packs are written by industry experts such as Microsoft MVPs and IT Experts. You can design more Dynamic Packs by using Dynamic Packs Manager. Here is the list of Microsoft Active Directory Dynamic Packs that ship with O365 IT Risk & Health Scanner:

Category Dynamic Pack Credential Requirement Description
AD Domain Computers Health Checks Domain Computers Operating Systems Test Domain User Domain Computers Operating Systems Test
AD Domain Security Groups Health Checks Domain Duplicate Security Groups Test Domain User Dynamic Pack collects duplicate security groups in each domain.
AD Domain GPO Health Checks Domain GPOs No Override Test Domain User Dynamic Pack checks to see how many GPOs have been configured with.

Requirements

Components and Modules

O365 IT Risk & Health Scanner requires following components to be installed:

  • Active Directory PowerShell Modules
  • Group Policy PowerShell Modules
  • DNS Server PowerShell Modules
  • .NET 3.5 Framework
Operating System

O365 IT Risk & Health Scanner must be running on one of the below Operating Systems:

  • Windows 8, Windows 8.1, Windows 10
  • Windows Server 2012 or Windows Server 2012 R2
  • Windows Server 2016

Important: O365 IT Risk & Health Scanner can run on a member computer. It doesn’t have to be a domain controller.

Antivirus Exclusion

Since O365 IT Risk & Health Scanner executes PowerShell-based scripts on fly, you will be required to whitelist following directory in your Antivirus:

C:\Users\Public\DynamicPacksTechnologies\ADHealthProfiler

Access & Scenarios

Access Requirements for O365 IT Risk & Health Scanner depends as listed below:

Scenario 1: O365 IT Risk & Health Scanner computer is NOT part of Active Directory domain: In Scenario 1 you will be required to add credentials under O365 IT Risk & Health Scanner. This scenario is sometimes referred to as running O365 IT Risk & Health Scanner on an Admin computer which can do assessment of all managed AD Forests from a single computer.

Scenario 2: O365 IT Risk & Health Scanner computer is part of Active Directory domain: In Scenario 2 you can use Locally Logged On Credential to connect to AD Forest.

Once you have finished executing Assessment Profiles you can work with the Reporter to generate a summary that contains issues items and excel issues summary that contains the affected objects. The Reporter supports following features:

  • Allows you to modify Default Severity, issue, impact and recommendations reported by the Dynamic Packs.
  • Apply Default values to User-Defined Values.
  • Select/De-select Dynamic Packs that you would like to be included in the report.
  • Generate a Microsoft Word Summary based on the Reporting Templates.

O365 IT Scanner comes with three reporting templates and these templates can be modified to suit your reporting requirements.

Delegate Technology Assessment

Delegate technology specific checks to your IT Teams

O365 IT Health & Risk Scanner supports delegating assessment to multiple teams within an organisation. As part of the assessment delegation feature, you create multiple Assessment Profiles that contain Dynamic Pack for different technologies. For example, you can create an Assessment Profile that contains the Dynamic Packs for Active Directory and then delegate that profile to AD Administrators. Similarly, you create another Assessment Profile that contains the Dynamic Packs for SQL Server and then delegate that profile to SQL Administrators and so on.

O365 IT Health & Risk Scanner uses the same MSI that acts as a client component for delegated administrators. Once you enable the Assessment Delegation feature you deploy the MSI that has Assessment Delegation feature enabled and the install on the computers.

It is easy as pie to implement O365 IT Scanner Assessment Delegation Feature. You will be required to create two security groups in the root domain of an Active Directory Forest. The Group; O365ITScanner_Admins contains the list of admins that can have full control over Scanner and O365ITScanner_Delegated security group contains the list of admins that are delegated.

How It Works

O365 IT Scanner ships with two components; Execution SubSystem and Dynamic Packs.

O365 IT Risk & Health Scanner is a unique solution and dynamic in nature. We provide two components as part of the O365 IT Risk & Health Scanner; O365 IT Health & Risk Scanner Execution SubSystem and Dynamic Packs.

  • O365 IT Scanner Execution SubSystem provides execution environment for executing PowerShell-based Dynamic Packs.
  • Dynamic Packs are PowerShell-based scripts which are imported into the Execution SubSystem. Once imported Dynamic Packs can be added to Assessment Profiles which contains an assessment target. When you execute Assessment Profile, the Dynamic Packs are executed as part of the execution against the assessment target maintained by the Assessment Profile.

As it is shown in the figure above, you will perform simple four steps; preparing the Scanner/SubSystem, registering the targets, creating Assessment Profiles, adding Dynamic Packs to the Assessment Profiles and then executing the Assessment Profiles.

Screenshots

Schedule a Demo