menu

WebPlatform Documentation

EIMS - User Reporting Power BI Report

General

1.1 PowerBI

The report is generated in PowerBI using a MS Dataverse data source

1.2 Power Automate

Data is gathered from the Microsoft Tenant using Power Automate process

1.3 Data Generation

Multiple Power Automate processes run at 0100 each night to generate the data, some of the processes can take a number of hours to run.

Retrieve Data – Users

Retrieve Data - SharePoint – Sites

Retrieve Data - SharePoint LnL (Lists & Libraries)

Retrieve Data - SharePoint LnL2

Retrieve Data – Teams

Retrieve Data - Groups

1.4 Report Generation

The PowerBI report refreshes it’s data, from the Dataverse data source, at 0000, 0900 and 1200 everyday

1.5 Reset

At the top right of the Power BI report page there are 2 refresh buttons, The one on the right refreshes the data behind the report the one on the left refreshes the data and resets all of the filters on the report to their default state.

At the top right of the Power BI report page there are 2 refresh buttons, The one on the right refreshes the data behind the report the one on the left refreshes the data and resets all of the filters on the report to their default state

1.6 Export

Whole Report – on the Power BI menu bar there is a button for Export and it’s possible to export the whole report to various formats

Specific data – on each element of any report page, where possible, a menu button will appear when the mouse is floated over the report element, this menu includes the option to export data from just that element to excel

1.7 Help

Each page of the report includes a help button

Clicking this icon will link to a help page that explains the data and the functionality specific to each page

Data sources

All data is gathered from locations within the EIMS Microsoft 365 Tenant.

Each data source has a data trawl done once a day and the data is stored in Microsoft Dataverse, a relational database structure embedded behind the Microsoft 365 Tenant.

There are 3 sources of data.

2.1 Azure Active Directory (AAD)

This is further split into 2, user data and group data. Data is entered either directly into AAD or is synchronised from the ‘local’ Active Directory (AD). For EIMS the majority of user data comes from AD, and the majority of group data comes from AAD.

2.1.1 Users

Users in AD can only be managed from AD, Users created in AAD can only be managed in AAD. It is possible to move users from AD to AAD but not AAD to AD.

Of note in the following image, Department is used to store the two elements of the Business Unit, separated by a colon, ( : )

New starter user data in AD is manually entered by LMS / EIMS with information gathered from the WMS and Employee Database systems which are both internal to EIMS and managed by LMS. 

Users are filtered when importing the data from Dataverse to PowerBI to remove any external users, (any non EIMS account given access to anything on the system has a user account created) these are denoted with #EXT# in the User Principal Name (UPN) and so this is how they are filtered. (adam_plevin.net#EXT#@eimsglobal.onmicrosoft.com)

2.1.2 Groups

Groups are generally broken down to

  • Microsoft 365 – AAD based only. Can have members managed from AD and AAD, will have an email address associated by default which can be configured as either a shared mailbox or a distribution group. By default, M365 groups will have a SharePoint site associated though this is optional.

M365 groups are configured as Public or Private, the former meaning the site is visible to non members and non members are able to request access, Private groups are invisible to anyone not a member.

  • Security – AD or AAD Based. AD based groups can only be managed from AD and so can only have AD Users. AAD based groups can have AD or AAD based users.
  • Distribution – AD or AAD. The same rules as Security groups apply.

2.2 SharePoint Online

All of this data is held within the Tenant. SharePoint by default uses ‘SharePoint Groups’ to manage access but these are generally tied to Microsoft 365 groups. SharePoint access permission’s can be granted using Security Groups alongside SharePoint and M365 Groups. 

The same as M365 groups, SharePoint sites are configured as Private or Public, private sites are inaccessible to non-members, Public sites allow non-members read only access. 

2.3 Microsoft Teams

An MS Team is an extension of an M365 group, but it must have a SharePoint site. As with an M365 group and SharePoint all this data is held within the Tenant.

It is now possible to have a ‘private’ channel within teams, this is only accessible to the specific members of the team that have been invited, non members don’t see the private channel. When a private channel is created a separate Private SharePoint site is created, this too is only visible to members of the private channel.

2.4 Further explanation 

To further try to explain the relationship between Microsoft 365 groups, teams and SharePoint. 

A Microsoft 365 group always has a SharePoint site and an email address associated with it. It does not always have a MS Teams team associated with it. 

A SharePoint site doesn’t always have a Microsoft 365 group 

A MS Teams, Team always has a Microsoft 365 group and a SharePoint site 

Users

Purpose of page

This page presents the high-level numbers in a way that can be broken down by primary and secondary business unit and / or physical Location.

What am I looking at? 

3.1 Business Unit 

This is a 2 step filter, for Business unit and what appears to be payroll unit. 

3.2 Location

As taken from the location field in their AAD account. Should be a recognisable physical location 

3.3 Status -Count 

Account status, disabled is counted if the user account has a licence applied, there are lots of user accounts with no licences we need to ignore. 

3.4 Central Panel 

A list of users, with limited information, filtered by the options on the left. Can be temporarily filtered by selecting options on the right. Right clicking any user in the list and selecting to drill through to detail will navigate to a page with a higher level of detail. 

3.5 Security Group – Count 

The main role security groups and the quantity of users in the central filtered list in those groups 

3.6 Licences assigned 

the list of licences assigned, with quantities, to the filtered central list. 

What am I expected to do with it?

Functionality

Filters, on all report pages, the check boxes, drop downs etc effect all data on that page and the effects are cumulative, ie on the Users page, select a Business Unit and all the data on the page will reflect only that associated with that BU, select a Location and the rest of the data on the page is then filtered by the Selected BU AND the Location, note that when the Location is selected the BU list is also filtered to only show the BU’s with that location. 

The Users data is pulled from Azure Active Directory which is in turn Synchronised from EIMS Local Active Directory. Within AD the Office field is used in this report for Location and the Department field is used to hold the BU information. 

Users are displayed in this list if their accounts are enabled OR if their accounts are disabled and they still have licences assigned. 

Right clicking on the username displays a context sensitive menu on which is the option to ‘Drill Through’ this will take you through to a separate page with all the users details on.

SharePoint

Purpose of page

To demonstrate which groups and individuals have access to information stored within SharePoint.

Why am I looking at it?

4.1 SharePoint sites 

The full list of sites within the EIMS tenant 

4.2 Lists & Libraries 

The unique lists and libraries associated with the selected site(s) in the left column 

4.3 SharePoint Groups with site access & AAD Groups with site access 

The SharePoint groups or AAD groups with access to the SharePoint site(s) selected on the left 

4.4 Users with explicit library access & SharePoint groups with explicit library access 

The users or groups with explicit access to the selected list(s) or libraries 

Functionality

The drop down at the top left allows for the selection of the type of Site -

  • SharePoint – this site has no associated ‘Team’
  • Team – This SharePoint site was generated as a result of a Microsoft Teams team creation
  • Team Channel – this site is a result of a private channel being created within a MS Team

A SharePoint site is a collection of pages and a collection of lists and libraries -

  • A List is exactly that, a customisable list, think an Excel sheet or Database Table
  • A Library is a collection of documents and is the most common, a library can also have custom fields assigned these are unique to that particular library

Access to Data can be granted at Site or Library level and individually or via both SharePoint and AAD Groups

Sharing links can also be generated and those links show as having explicit access, it’s not possible to see, in this report, who has those links

The blue link at the top left is a hyperlink to the selected site and list or library

Under normal conditions visibility to all of this data would not be possible, you should not be surprised if you have never seen it or can’t access it.

Teams

Purpose of page

To expose all of the teams, channels and who has access to them, information not normally available.

Why am I looking at it?

5.1 Selected Team Size 

The number of users in the selected team(s) 

5.2 Team 

A two layer list, all the teams with the list of channels available to all members. 

5.3 Team Members 

The list of members of the selected team,  

Functionality

This is the list of Teams on the system, together with the Channels within each Team. This includes private channels that are normally only visible to members of that private channel.

The team members for the selected Team(s) are displayed on the right.

Groups

Purpose of page

To expose ALL of the groups and group memberships within the system

Why am I looking at it?

6.1 Group Type 

A Dropdown list of the 4 types of groups available to filter the ‘Group Type – Name’ list by 

6.2 # Groups Selected 

The number of groups in the ‘Group Type – Name’ list 

6.3 Group Type – Name 

A list of all groups within AAD, filtered by 6.1, 6.2 and 6.4 

6.4 Group Status 

A Status, Empty or In-Use, Empty is groups with 1 or less users in 

6.5 Status 

A filter for the User List on the account status 

6.6 User List 

A list of users that are in the selected group(s) from 6.3 filtered by 6.5 

Functionality

This is a list of Groups and Group members

The Group Type on the top left filters the main Group list by -

  • 365 – The most modern type of Group, cloud based and normally comes with an associated SharePoint Site and MS Team
  • Distribution – This is nominally used for mail distribution, a single address for mail to go to that is then ‘distributed’ to all group members
  • Security – This is used to provide or deny access to something, be it files, software or licences
  • Other – Any Groups that don’t fall into the above categories

When selecting the Group on the left the Group members are displayed on the right.

Using the Group Status drop down the ‘Empty’ groups can be exposed, Empty groups are those with one or less people in them.

Licenses

Purpose of page

To view who has which licences over to company and the associated costs

Why am I looking at it?

7.1 Licence Name 

A selectable list of the licences in the report 

7.2 Licence Price 

A list of licences, individual cost, quantity used and total cost per licence 

This is a snapshot of the licence cost at the time viewed 

7.3 User List 

The list of used with the selected licences from 7.1 including the cost per user for the selected licences 

Functionality

Selecting the Licence on the left will filter the users (right) and the lower licence list.

The Total Cost Value figures within this page are a snapshot of total cost at the time the report was generated should nothing change.  Inevitably user counts and so licence counts will change through the month so this figure can only be used as an indicative figure.                                                                                     

Some licences are free and hence no cost is applied

User Details

Purpose of page

To collate on a single pane all the information of a single user

Why am I looking at it?

8.1 Name 

Full name as from AAD 

8.2 Job title 

Job Title as from AAD via AD 

8.3 Entity 

The payroll entity 

8.4 Business Unit 

The business unit the user is associated with, from AAD via AD 

8.5 Location 

The physical location of the user 

8.6 Active From / To 

The dates the user has been seen on the system, any gaps of  over 3 days where the user account was inactive will result in a new set of dates 

8.7 Manager 

The users line manger, data taken from AAD but originally sourced from the EIMS appraisal system 

8.8 Licence 

The licences currently assigned to the user 

8.9 Group Memberships 

All groups the user is currently a member of 

8.10 Team Membership 

The teams and channels the user is a part of 

8.11 Security Group (SP Role) 

The Security group that denotes the Role the User holds 

Functionality

This page is accessed by using the drill though option on a user from anywhere in the report, using the back arrow at the top-right of the report returns you to the report you came from

The Active From and Active To list are the dates the user account was ‘seen’ by the reporting system. If the account isn’t seen by the system for more than a new ‘Active From’ is created

Location is the most local town or city to the user geographically ipsum

Historic

Purpose of page

To give a visual indication of user and licence counts over time

Why am I looking at it?

9.1 Date 

The date filter for the page 

9.2 Licence 

A rolling total of the various licence types in use, calculated by recording the dates licences were and weren’t assigned to uses 

9.3 User 

A rolling total of the number of enabled and disabled (with licences) user accounts on the system, calculated by the users active from and to data 

Functionality

These two graphs show the total number of users, enabled and those disabled but with licences and the number of assigned licences

There is a DateFilter to the top left that allows for the adjusting the time frame for the report

Note – data prior to early January 2023 is not accurate due to a data import issue which is not possible to be resolved

Anomalies

Purpose of page

To surface those accounts with blank data against Location, BU and Manager

Why am I looking at it?

10.1 Missing Location & Total 

List of users with no location data recorded in AAD, count of users in the list 

10.2 Missing BU & Total 

List of users with no Business Unit data recorded in AAD, count of users in the list 

10.3 Missing Manager & Total 

List of users with no Manager recorded in AAD, count of users in the list 

What am I expected to do with it.

Take those identified and update their data to improve the quality of the overall reporting

Functionality

These 3 lists are designed to list and expose those accounts that require general housekeeping, those that are in the report and have missing information.

help_outline
close