blog.atwork.at

news and know-how about microsoft, technology, cloud and more.

Governance Toolkit 365-Improvements July 2022

Sunday, July 31, 2022 3:00 PM Toni Pohl

The Governance Toolkit SaaS solution provides compliance coverage across multiple workloads and offers self-services for users. We have added many new improvements and services over the past few months.

We started the Governance Toolkit 365 (GT365) journey at the Microsoft Ignite conference in 2018, when my colleague Martina Grom showed a first version how to develop a Power BI governance board for Microsoft 365 and an endpoint to provision a new Microsoft 365 Group with an approval workflow. We saw that there was a great need for governance in the market and from there we developed our solution as Software-as-a-Service offering. One of the great advantages of the GT365 is that it runs completely with the on-board tools of Microsoft 365 and can be completely flexibly customized. You can find more information and test GT365 anytime at governancetoolkit365.com .

Latest additions

During the last few months, we added a lot of additional M365 tenant data to the GT365 storage. See the latest additions here:

  • Power Platform support added (fall 2021): These supplements inform about all relevant data of the Power Platform, including Environments, Power Apps, Flows, Users, and  Connections. This also includes Power BI with all workspaces, reports, datasets, dashboards, and their users.
  • Applications added: The applications table stores all registered applications in the M365 tenant so administrators can see and review applications and their entitlements based on this list.
  • ChannelMembers added: This table stores all members and owners of a Teams channel.
  • GroupMembers are now available: This table stores all members of a specific Group. We initially had this information for owners and found it useful to prepare this for members in the same way.
  • GroupsActivity added: This table stores all activities of a team and when the team was last used. This information helps to identify Teams that have not been used for a longer time period.
  • GroupsStatistics extended: This table stores all groups in a M365 tenant with additional data. Added the following information: AssignedLabels, ExpirationDateTime, Less2Owners, ManyOwners, OwnersMail, and SiteLastModifiedDateTime. These fields provide a rating and allow you to easily notify the team owner.
  • Permissions added: This table is to identify if GT365 has not all permissions required to read data from an API. If this table is empty, all permissions are set properly. If there are entries, they help to identify what permission is missing for the GT365 App. To solve such issues, add the required permissions by giving the consent as Global Administrator with the following link: Agree to the GT365 app permissions again.
  • ReportGuests added: This table shows a report of all guest users in the M365 tenant. The LastLoginDays field shows the number of days since the guest user last logged in. A special feature here are ratings. If the days are greater than 180, the flag LoginTooOld is set to True. If the user has been created recently, within the last 30 days, the NewUser flag is set to True. If the user has never signed in at all, the NoLogin flag is set to True. Finally, column ToBeDeleted informs whether the user should be deleted based on the rules.
  • ReportGuestsToBeDeleted: (If CleanUpGuests is configured.) This table only exists when the corresponding Azure Logic Apps for the automatic CleanUpGuests feature are running. The intention is to inform admins that guests without a login or with a login longer than 180 days will be deleted 30 days later. This table stores the necessary data for this process.
  • SensitivityLabels added: If configured, this table stores the sensitivity labels for groups.
  • TeamChannels added: This table stores all Channels of a Team. Including the channel´s email address, and the membership type. The TeamId is the connection to the team.
  • UserServicesUsage added: This table stores more details of all users and when they last accessed which main M365 service. The data provide information about the licensing status of a user, and when the user´s LastActivityDate was. This helps identify users who have assigned an M365 license but are not using the services.
  • ProvisionTeam API: An optional key more, allowing to store an JSON object hast been added. Additional data like cost center, sponsors, or similar keys can be added in here.
  • InviteGuest API: The optional keys more (as above) and the FirstName and LastName keys have been added. Since the Microsoft Invite Guest API does not have that data, we now are able to process and to store that additionally.
  • Power BI reports v2: A new Power BI dashboard file including all data visualizations is available for all customers.
  • Announcement for the new web admin interface: This will be available in August.

All tenant data in GT365

Here´s a full list of table data in alphabetical order in the GT365 storage. A star* marks the latest new or extended features.

  • applications*: a list of all applications in the Azure AD (in the M365 tenant)
  • channelmembers*: a list of all members of the Teams channels
  • deletedgroups: a list of all groups that have been deleted in the Azure AD tenant
  • deletedusers: a list of all users including guest users that have been deleted in the Azure AD tenant
  • globalgroupsettings*: the global M365 Group Settings: group lifetime renewal
  • groupguests: a list of all guests (external users) in a group
  • groupmembers*: a list of all members of a group
  • groupowners: a list of all owners of a group (Note: the groupsstatistics also holds the email addresses of the group owners)
  • groupsactivity*: overview of activities in a M365 group, like the last activity date, channels, guests, active users, messages, mentions, meetings, etc.
  • groupsstatistics*: the cumulative list of all groups. including the group size, members, owners and guests, renewed date, channels and more
  • invitedusers: all guest users invited via the GT365 API
  • permissions*: a list informing when the GT365 app permissions have not been confirmed and the GT365 cannot read all data from the tenant
  • powerbidashboards: all Power BI dashboards in the tenant
  • powerbidashboardusers: all Power BI dashboard users
  • powerbidatatsets: all Power BI datasets in the tenant
  • powerbidatatsetusers: all Power BI dataset users
  • powerbireports: all Power BI reports in the tenant
  • powerbireportusers: all Power BI report users
  • powerbiworkspaces: all Power BI workspaces in the tenant
  • powerplatformapps: all Power Platform apps in the tenant, including the environment, app location, app type, owner, created date, last modified and publish date, modifier, etc.
  • powerplatformconnections: all Power Platform connections in the tenant, including the environment, creator, status, etc
  • powerplatformenvironments: all Power Platform environments in the tenant, including the region, type, creator, etc
  • powerplatformflows: all Power Platform flows (Power Automate) in the tenant, including the environment, type, owner, trigger type, etc.
  • provisionedgroups: all M365 groups and teams that are provisioned via the GT365 API
  • reportguests*: a daily generated list of all guests in the tenant with the number of days since the guest has been created, and the last login date and the days since the last login, including a login rating
  • reportgueststobedeleted: If CleanUpGuests is configured, this list holds recommendations of guest users that should or have been deleted
  • sensitivitylabels*: a list of the tenant´s sensitivity labels, if configured
  • teamschannels: a list of all channels in a Team, including type and data size of the channel
  • timeline: daily overview of users, guests, sum of (un)licensed users, licensand groups since the GT365 has started
  • users: a list of all users in the tenant, including the type, mail address, contact data, if licensed, last login date, etc
  • userservicesusage*: a list of the last activities of users, including the main services license status, and when they have accessed what service, and the date of last activity across all main services
  • userstatistics: a daily updated info how many users are internal, guests, deleted, and deactivated

All tables are updated daily during the night. Administrators can access this data directly from GT365 storage and use this data in visualization tools such as Microsoft Power BI and Excel, and with workflows. Entries with one star have been added over the last few months. This list with all the details can be requested by the customer if required.

New Power BI reports

There is a new Power BI file available that visualizes all of the above data. We numbered the reports and added a dashboard for navigation. See some sample screenshots of the Power BI reports here, starting with an overview of the reports. A user can press CTRL and click the report to open it.

image

Users, Teams and Groups:

image

Power Platform data for Power Apps, flows, connections, and more:

image

Power BI data (which is not included in many other solutions, as the the Microsoft CoE):

image

Guests last login activity with flags to quickly react to the status for automatic cleanup processes:

image

...and much more.

Use the new Power BI template

You can download the Power BI template from here. Unzip the file, and open the Power BI template file with the latest version (use at least the version from Nov. 2021) of Power BI desktop. You can get it from the Power BI downloads.

Then, open the GovernanceToolkit365-Template.pbit file. When being asked about a account key, click Cancel, and close the dialog box. Open the Transform data menu, and click on Data source settings.

image

In the Data source settings, click on the Change Source... button, and enter the name of your GT365 storage account. Close the box, and when asked, paste your GT365 storage account key into the dialog box field. At the end, click on the Refresh button in the ribbon to refresh the data. Then, save the files under a different name as normal .pbix file, publish, and use it as before.

Summary

The GT365 thus offers a comprehensive overview of your M365 tenant and lots of data and details for further business processes. We think the new functionalities make sense for any organization that uses the tool to get continuous, detailed information about their M365 tenant's data.

If you're not using the GT365 yet, try it free for 30 days at governancetoolkit365.com!

App | English | GT365 | Microsoft365 | Office365 | Power BI | Power Platform | PowerApps | Serverless | Teams | atwork
Tags :

Add comment

Loading