Getting Started with the Office 365 SharePoint On-Demand Assessment
The On-Demand Assessment - Office 365 SharePoint is a proactive service delivered by a Microsoft engineer to analyze and provide guidance on operations, configuration and usage within an Office 365 subscription. This service is recommended to help get the most out of your Office 365 investment.
Key pillars of the Office 365 SharePoint Assessment
- Operational processes
- Microsoft 365 Security
- SharePoint Site Settings
- SharePoint Site Configuration
- Usage of InfoPath Forms*
- Usage of Classic Workflows*
- Modernization of SharePoint Sites*
Note
Items noted with asterisk (*) above represents info collected using SharePoint modernization scanner tool which is integrated into the assessment now. This tool uses the same permissions as the assessment to collect all the information. Based on the feedback received due to the time it takes to complete scans, the modernization scanner tool by default will be run only on the classic sites which had activities for last 90 days (number of days is customizable, if needed, refer appendix of prerequisites document. But if you decide to run on a specific list of sites, we have added capability to add custom list of sites for the scanner tool to pick up dynamically on each run. For more information about the setup, please refer to the appendix of prerequisites document.
Prerequisites
In order to take advantage of the On-Demand Assessments available through Services Hub, you must:
Have linked an active Azure Subscription to Services Hub and added the Office 365 Exchange Assessment. For more information please see: Getting Started with On-Demand Assessments or watch the How to Link Services Hub to Azure Log Analytics.
An Office 365 Global Administrator account is required for setting up the assessment.
- MFA is supported.
- Sovereign Cloud Supported
To identify classic workflows in the tenant the modernization scanner tool requires the Microsoft Assessment Azure AD Application that is created on the pre-requisites (step 4) for the assessment to have Sites.FullControl.All permission. This permission is not setup by default for the assessment and hence this needs to be setup manually if you need to understand the usage of classic workflows only.
In order to gather the SharePoint Online Tenant configuration/Tenant restriction settings, Microsoft Assessment Azure AD Application requires Sites.Manage.All. This permission is not set up by default for the application and hence this needs to be set up manually, refer to the pre-requisite document (section: Setting permission to show Classic Workflows) and assign the Sites.Manage.All permission instead of Sites.FullControl.All permission.
Review the Prerequisites for Microsoft 365 SharePoint Assessment . This document explains the detailed technical documentation of the Office 365 SharePoint Assessment and the preparation needed to run the assessment. It also documents the different types of data collected by the assessment.
Setup the Microsoft Assessment Application
Note
On average, it takes 30 minutes to initially configure your environment to run an On-Demand Assessment. After you run an assessment you can review the data in Azure Log Analytics. This will provide you with a prioritized list of recommendations, categorized across six focus areas. This allows you and your team to quickly understand risk levels, the health of your environments, act to decrease risk, and improve your overall IT health.
Setup the Office 365 SharePoint Assessment on the data collection machine
Install PowerShell Cmdlets
On the designated data collection machine, complete the following:
Ensure all other PowerShell sessions are closed.
Create the working directory for the Assessment data. e.g. 'C:\SPOA' (or any other folder besides C:\ODA which is reserved by the system)
Open the Windows PowerShell (Ensure its a PowerShell 5.1) command prompt with [Run as Administrator].
On the shell type the following commands:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Install-Module MSOnline
Install-Module Microsoft.Graph -RequiredVersion 1.27.0 -SkipPublisherCheck -Allowclobber
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -AllowClobber -Force
Uninstall-Module SharePointPnPPowerShellOnline -Force -AllVersions
Install-Module PnP.Powershell -RequiredVersion 1.12.0 -SkipPublisherCheck -Allowclobber
Import-Module MSOnline -Verbose
Import-Module Microsoft.Graph -Verbose
Import-Module PnP.Powershel -Verbose
Import-Module Microsoft.Online.SharePoint.PowerShell -Verbose
$dir = "C:\SPOA" #The location for the working directory e.g. "C:\SPOA"
Scheduled Task Setup
$scheduleTask = Get-Credential #Account to setup and Run Scheduled Task
Add-SharePointOnlineAssessmentTask –WorkingDirectory $dir -ScheduledTaskUsername $scheduleTask.username -ScheduledTaskPassword $scheduleTask.password
Note
This configuration uses PowerShell variables to help facilitate the setup process.
- You will be prompted to enter an account that will be able to run a scheduled task on the machine as below. Provide the required user account credentials to tun the Scheduled Task. These credentials are used to run the SharePoint Online Assessment.
ScheduledTaskUsername:
ScheduledTaskPassword:
WorkspaceId:
Note
The account used to setup the assessment task needs to be a local admin in the Machine; it can a local account or a Domain account with local admin right on the Machine. If you are using a local account just enter the account name and password; if you are using a domain account use the format Domain\Account. -The account needs to be the same as the login account on the machine.
<WorkspaceID> provide id for the Log Analytics workspace that will be used to store the uploaded data.
- When the setup completes, the following messages are shown.
[SharePointOnlineAssessment]Task Creation Successful.
[SharePointOnlineAssessment]SharePointOnlineAssessment setup successful.
[SharePointOnlineAssessment]Detailed log at: C:/\****.log
[SharePointOnlineAssessment][2804]To receive continued assessment updates, please close this PowerShell Windows
Close the PowerShell window.
Open the Task Scheduler.
Expand [Task Scheduler]-[Task Scheduler Library]-[Microsoft]-[Operations Management Suite]-[AOI-***]-[Assessments]-[SharePointOnlineAssessment].
You can confirm the "SharePointOnlineAssessment" task on the right pane.
Data collection is triggered by it within an hour of running the previous script and then every 7 days. The task can be modified to run on a different date/time or even forced to run immediately.
Right Click on the task and click on Run.
During collection and analysis, data is temporarily stored under the WorkingDirectory folder that was configured during setup, using the following structure:
[WorkingDirectory]
|-- SharePointOnlineAssessment
|-- [Numbered Folder] ==> The data is stored
|-- Logs
|-- Omsassessment
- Data collection is triggered by the scheduled task named SharePointOnlineAssessment within an hour of running the previous script and then every 7 days. The task can be modified to run on a different date/time or even forced to run immediately from the task scheduler library
|-- Microsoft
|--
|-- Operations Management Suite
|-- AOI-[XXX]
|-- Assessments
|-- SharePointOnlineAssessment
During collection and analysis, data is temporarily stored under the Working Directory folder that was configured during setup
After a few minutes, your assessment results will be available on your Log Analytics and Services Hub Dashboard. You can navigate to see the results by going into:
|-- Services Hub
|-- Health
|-- Assessments
|-- View All Assessments
- If you wish to get a Microsoft Accredited Engineer to go over the issues about your SharePoint Online Environment with you, you can contact your Microsoft Representative and ask them about the Remote or Onsite CSA Led Delivery
| agreement | Remote Engineer | Onsite Engineer |
|---|---|---|
| Premier | RAP as a Service - Office 365 SharePoint Datasheet | RAP as Service PLUS - Office 365 SharePoint Datasheet |
| Unified | On-Demand Assessment - Office 365 SharePoint Remote Datasheet | On-Demand Assessment - Office 365 SharePoint Onsite Datasheet |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for