- Azure Sentinel—A real-world example - Tue, Oct 12 2021
- Deploying Windows Hello for Business - Wed, Aug 4 2021
- Azure Purview: Data governance for on-premises, multicloud, and SaaS data - Wed, Feb 17 2021
One of the main issues with cloud services is that their backend is invisible. The point of subscribing to a cloud service is that you “don’t need to worry about how it works; just use it.”
Businesses that have adopted Office 365 have some options for management & reporting. However, the management interface is somewhat restrictive requiring customers to turn to Powershell to handle more advanced tasks. As well, reports can take time to generate and are not always what you need. The underlying logs are only stored for 90 days. Although you can customize reports (using PowerShell) or download them to Excel, these reports will often leave you wanting for more details or customization, particularly if you’re managing a large tenant.
Enter Knowledge Vault, a new cloud service that solves this issue. Knowledge Vault is a powerful Hadoop-driven cloud service that runs in Azure and uses SQL Server Analysis Services for report generation. With Knowledge Vault, you can store historical data and audit logs for as long as you have a subscription, which enables very powerful trending, delta and longer term analysis.
Knowledge Vault main dashboard
Knowledge Vault also extends the native management capabilities and provides the ability to automate and delegate tasks to help desk and other managers without requiring excessive permissions, and without the need to learn and use PowerShell.
Knowledge Management Action
The most interesting thing to me about Knowledge Vault is that the service takes a holistic approach to governance and compliance. Today, Knowledge Vault supports Microsoft Office 365 (including Exchange Online, Skype for Business and SharePoint), Exchange on-premises and OneDrive for Business with support for Dropbox, Box, and Salesforce to follow shortly. Having a single reporting solution for compliance across on-premises Office 365 and Exchange, as well as across other cloud services, will be valuable for many businesses.
In particular, corporations that have invested in a complex, on-premises governance solution might now be able to use a cloud service to cover both platforms during a lengthy migration phase.
The underlying Big Data store is highly scalable horizontally. The indexed search functionality seemed very fast in my testing.
Setting up an account is very simple: provide your basic information, submit, and log in to your newly provisioned portal. Microsoft accounts are supported for logging into the service, along with Google, LinkedIn, Facebook, Twitter and Yahoo accounts. Larger enterprise customers will prefer the recent addition of integration with Azure AD (AAD) and Active Directory Federation Services (ADFS) providing Single Sign On (SSO) with your corporate accounts.
The service is also geared toward managed service providers. You can customize reports with your company logo, and you can use the console for multiple tenants by simply picking the organization you’re reporting on from a list on the right. MSPs can also customize chargeback packages.
The Office 365 connector collects data once per day, whereas the on-premises agent for Exchange allows you to configure the data collection interval. Permissions are fairly basic; a service admin can make any changes, whereas a user can only run reports, but advanced delegation capabilities are on the way.
What I really like about Knowledge Vault are the dashboards that give you a very quick overview of a particular aspect of your Office 365 usage. The Mobile dashboard gives you a pie chart of the top 10 device types used to connect, along with the number of devices used and other information.
The System Overview dashboard presents your license usage of the different Office 365 plans as well as that of Intune, AAD Premium, and CRM licenses. It also lists the largest mailboxes this week.
The Traffic dashboard lists the top senders and top recipients for email traffic, whereas the Distribution Groups dashboard shows you the largest group memberships and the most active distribution groups.
Management actions are another very useful feature. These actions allow you to set up auditing, manage group memberships and perform various other management tasks in Office 365 without having to do so remotely through PowerShell.
Particular reports that might become favorites are mailbox access by non-owners as well as email traffic by mailbox, litigation hold, and a very granular administrative auditing report that goes down to the level of which PowerShell cmdlet was run and by whom. Support for Lync was recently added, with reports for adoption rate, active users and peer-to-peer minutes per instance.
Knowledge Vault HIPAA reports
You can export reports to different formats (the Office 365 console only exports to its Excel plugin), including XML, CSV, PDF, Excel, TIFF, Word, and MTHML. The prebuilt Compliance reports are configured for the GLBA, HIPAA, NIST, PCI, SAS70, and SOX frameworks.
The interactive view allows you to build your own reports. You can then export the layout and share it in the community forums, where you can also find report layouts by other users to import.
The search function allows you to search through all the stored log data, not just the particular bits of information in the built-in reports. The reports are pre-processed and, in my experience, run faster than the built-in reports in Office 365.
You can schedule Knowledge Vault reports to run at specific times (the only way to do this in Office 365 is through PowerShell scripting) and email them to specific people.
I can see a good fit for Knowledge Vault in larger organizations that need deeper insight into their use of Office 365 and on-premises Exchange. When other cloud services such as Box and Salesforce are added, having all that data aggregated in the same place for overall reporting will make insight and compliance with various laws and frameworks much easier.
My only worry is that, as Microsoft keeps improving the core Office 365 service, the company may add functionality that fulfills some of the same needs as Knowledge Vault. However, considering the pace of development so far, Knowledge Vault should have no problem adding more value.
Knowledge Vault is also very attractively priced, with a powerful underlying architecture and rich functionality. If you’re interested, you can try it out with yourself with up to 2,500 mailboxes for 14 days; after that, the cost is very reasonable at $0.25 per user per month.