M365 Services Supplemental Monitoring Management Pack v2

Hey Everyone! We are excited to announce that v2 of the M365 Services Supplemental MP is now available for download! We have continued to improve the flexibility and deliver a streamlined easy to implement monitoring solution for your organization. We have added additional real-time service test Console tasks to ease the pain of troubleshooting and verifying service disruptions. Some of the v2 updates are listed below and are also explained in the video tutorial/walk-through. The v1 release has been an amazing experience and we want to thank you all for your feedback! Make sure to follow us on Twitter @MonitoringGuys !

Detailed walkthrough of App registration, M365 user accounts, SPO/Teams requirements, and MP configurations.

Download Here

  • Updated GraphAPI endpoints for M365 Services monitoring and incident data
  • Granular Services Incident Alerting; Critical, Warning, and Informational Alert Rules
  • Performance Based Alerting for MailFlow, Teams, Sharepoint Online, and OneDrive
  • Console Tasks for Mailbox CleanUp and Performance Collection Rules
  • OnDemand Discovery setup tasks for ultra fast setup
  • Added Console tasks for password updates, SPO Site Search, Teams Chat, Calendar, and Channel Messages
  • Teams Service Model Update, including monitors for Calendar, Presence, and Chat
  • PowerBI Dashboard providing easy to consume indicators for IT staff and Leadership!


Brian, Tyson, and Taylour

6 Replies to “M365 Services Supplemental Monitoring Management Pack v2”

  1. Hi, I was using previous MP for Lincense and Services and after upgrade Lincense seems to work fine but Services has some issues
    Lot of errors event id 9995/9997.9992

    Application has been granted ServiceHealth.Read.All in Microsoft Graph

    Message: Unable to get Services object(s) from URL: [https://graph.microsoft.com/v1.0/admin/serviceAnnouncement/healthOverviews]. See error data.

    WorkflowName: M365SSVC.Services.POSH.Discovery.DS
    ScriptName: M365SSVC.ServicesDiscovery.ps1
    Invocation/Function: LogIt

    ThisScriptInstanceGUID: 56D9F7
    ScriptLine: 218
    Running As: nt authority\system

    ClientID: bfcd2dcc-ffc7-4e11-bec2-8f0eaf35dcc7
    M365_AccountName: ccccccc@cccccc.net
    MgmtGroupRegKey: HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\MP\M365SSM\MgmtGroups\CF\WatcherNode
    TenantName: d3222974-7222-43dd-9b7a-222a3a3800c
    MgmtApiURL: https://graph.microsoft.com
    MgmtApiTokenURL = https://login.microsoftonline.com
    MgmtApiTokenScopeURL: https://graph.microsoft.com/.default
    OnDemandDiscovery: N/A
    TLSVersion: 1.2
    PoshLibraryPath: C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\1680\M365Library.ps1
    ScriptOutputType: DiscoveryData
    WriteToEventLog: False
    Any Errors: Invoke-RestMethod : The remote server returned an error: (403) Forbidden. At line:214 char:13 + $Result = Invoke-RestMethod -Method GET -Headers $Headers -Uri $URL … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:Htt pWebRequest) [Invoke-RestMethod], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShe ll.Commands.InvokeRestMethodCommand

  2. Additionaly got those erros with points somehow to https://manage.office.com

    Message: Unable to Get Access Token for [Services].. See error data. Exiting.

    WorkflowName: M365SSVC.ServicesMon.PB.PA_(M365SSVC.GetServicesData.AgentTask)
    ScriptName: M365SSVC.ServicesMon.ps1
    Invocation/Function: LogIt

    ThisScriptInstanceGUID: CA14FC
    ScriptLine: 188
    Running As: nt authority\system

    ClientID: XYZ
    TenantName: XYZ
    MgmtApiURL: https://manage.office.com
    MgmtApiTokenURL = https://login.windows.net
    MgmtApiTokenScopeURL: https://manage.office.com
    OnDemandDiscovery: N/A
    TLSVersion: 1.2
    PoshLibraryPath: C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\587\M365Library.ps1
    ScriptOutputType: Serialized
    EventIDFilter: 9990,9991,9992,9995,9996,9997,9998,9999
    WriteToEventLog: True
    Any Errors: Get-AccessToken : Cannot bind argument to parameter ‘User’ because it is an empty string. At line:185 char:53 + … Response = Get-AccessToken -Delegated -User $M365_AccountName -Pass $ … + ~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Get-AccessToken], ParameterBin dingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl lowed,Get-AccessToken

    1. @Fursel,
      The old management API is expired; the previous URLs are no longer valid. The v2 Services MP now uses the same standard Graph endpoints as the rest of the MPs.
      (assuming you use the default/common endpoints and not the special gov ones)
      Run the Services configuration task to set the correct URLs (M365 Supplemental – Configure Services). The config task should initiate immediate discovery so you should see the URLs update on the Watcher node object properties relatively quickly (a few seconds to a couple minutes).

  3. Fixed the previous error.

    Is there any way to have rule which will close incidents and advisories which are already closed in Admin Portal ?

  4. Since Sunday we have errors with getting function Get-AccessToken which cause tons of alerts and not getting data into SCOM Events(9995,9997), not sure if something has changed in Azure

    Invoke-RestMethod : {“error”:”invalid_request”,”error_description”:”AADSTS80014: Validation request responded after maximum elapsed time exceeded.\r\nTrace ID:
    975a243f-5d36-4248-8722-14a5e5200a00\r\nCorrelation ID: 1d4fc2dd-9138-4982-91d9-eac36e520be6\r\nTimestamp: 2022-03-16
    08:29:36Z”,”error_codes”:[80014],”timestamp”:”2022-03-16 08:29:36Z”,”trace_id”:”975a243f-5d36-4248-8722-14a5e5200a00″,”correlation_id”:”1d4fc2dd-9138-4982-91d9-eac36
    At line:84 char:20
    + … nResponse = Invoke-RestMethod -Uri “$($ApiTokenUrl)/$($TenantName)/oa …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

    When trying manually to use
    Invoke-RestMethod -Uri “$($ApiTokenUrl)/$($TenantName)/oauth2/v2.0/token” -Method POST -Body $ReqTokenBody
    with grant_type ‘client_credentils’ it works and token is received but with grant_type ‘password’ I got the same error

    Invoke-RestMethod : {“error”:”invalid_request”,”error_description”:”AADSTS80014: Validation request responded after maximum elapsed time exceeded.\r\nTrace ID:
    044191db-fd45-4b52-a020-0432a5310d00\r\nCorrelation ID: fe218631-bd10-401d-905c-a8af850dfa8f\r\nTimestamp: 2022-03-16
    08:34:05Z”,”error_codes”:[80014],”timestamp”:”2022-03-16 08:34:05Z”,”trace_id”:”044191db-fd45-4b52-a020-0432a5310d00″,”correlation_id”:”fe218631-bd10-401d-905c-a8af8

    Please help 🙂

  5. Seems that Microsoft changed added some new IP ranges to Azure Datacenter and this was the reason why those logins have been failing.

Leave a Reply

Your email address will not be published. Required fields are marked *