For the best web experience, please use IE10+, Chrome, Firefox, or Safari

Enterprise Reporter Suite

Simplify Microsoft Platform security and compliance reporting

Systems and security administrators have a wide range of responsibilities today including security assessments, pre- and post-migration analysis, resource optimization and more. With manual methods, keeping up with these responsibilities can seem like a Herculean task that eats up precious time and resources.

Enterprise Reporter Suite helps you keep your complete Microsoft environment secure and compliant — both on premises and in the cloud. Comprehensive access assessments and built-in reporting provide deep visibility into Azure resources, users, groups, permissions and much more.

Plus, the Enterprise Reporter Suite includes Security Explorer®, so you can quickly take action from within the Enterprise Reporter user interface to manage access controls, permissions and security.

Key Benefits

Powerful permissions audits

Deliver real-time assessments into who has access to what resources across your environment.

Strong Teams management

Avoid group sprawl in your Office 365 environment with visibility into Microsoft Teams.

Increased visibility

Improve security and compliance by increasing visibility into critical IT asset configurations.

Optimized licenses

Easily optimize Office 365 licenses and Azure resource consumption with increased visibility.

Limitless scalability

Scalable, secure and customizable to support large and complex Windows environments.

Supported Platforms

Active Directory/Azure AD

Exchange/Exchange Online

Office 365

Windows servers

OneDrive for Business

SQL Server

Azure resources

Microsoft Teams

Features

Security and compliance

Improve compliance with security best practices, internal policies and external regulations with visibility into all critical IT configurations in your Microsoft environment, including groups, roles, mailboxes, public folders, permissions, security configurations, storage accounts and much more.

Security Explorer integration

Report, review and take action on enterprise-wide permissions from a single, centralized view. Back up permissions to establish a baseline and make targeted or bulk changes with the ability to rollback as needed. Backups can even be restored to an alternate location to ensure continuity on new servers.

Access assessment

Know who has access to what resources across your enterprise network. Tighten security and pass IT audits by ensuring that access is provided strictly on a need-to-know basis.

Improved insights with IT Security Search

Correlate disparate IT data from numerous systems and devices into an interactive search engine for fast security incident response and forensic analysis. Include user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.

Pre- and post-migration analyses

Plan for a migration or consolidation project with increased visibility into user and group dependencies, object matches and potential conflicts, and unused or disabled accounts as well as where resources, computers, files and folders exist. Easily decide what needs to be migrated before you begin and ensure the correct data and permissions were migrated after the move.

Microsoft Teams assessment

Quickly discover and report on what Microsoft Teams exist in your Office 365 environment, who the Team members are, and how the Team is being used. Enterprise Reporter for Office 365 makes it easy to stay on top of Microsoft Teams growth to avoid group sprawl and monitor usage.

Tenant and hosted resource optimization

Optimize Office 365 license allocation and service plan decisions as well as Azure resource usage. Gain visibility into cloud licenses and subscriptions, virtual machines and disk deployment, including how many, how large, how they are configured and more, so you can save on unnecessary and under-utilized resources.

Capacity planning

Report on and manage storage capacity planning and allocation on a variety of devices, including Windows file servers, network attached storage (NAS) and storage area networks (SANs).

Scalable data collection

Scale to environments of any size and geographic distribution. Schedule collections during off-peak hours to minimize the impact of data collection on network and server performance, and leverage the distributed collection architecture for load balancing.

Efficient storage

Reduce database storage requirements and save more change history data by comparing discoveries and storing only the changes.

Automated reporting workflows

Ensure stakeholders get the reports they need, when they need them, with automated report generation and flexible scheduling of report delivery.

Separation of duties (SoD)

Honor departmental and business function boundaries by enabling auditors, help desk staff, IT managers and other stakeholders to get exactly the reports they need and nothing more.

Customizable reports

Perform effective data analysis that meets the unique informational needs of your organization using predefined reports or creating new reports. Customize with advanced filtering and export multiple formats, including PDF, HTML, MHT, RTF, XLS, XLSX, CSV, text and images.

Common reporting portal

Export reports to our software knowledge portal for a unified reporting interface across the entire family of Quest security and compliance solutions.

Complete platform reporting

Complete platform reporting

Get comprehensive reporting on multiple Microsoft platforms in one console

Configuration Manager

Configuration Manager

Create and manage job collections in a single place

Customize report layout

Customize report layout

Customize the design and layout of reports to suit your needs

Field customization

Field customization

Customize out-of-the box reports by adding additional fields

Quick remediation

Quick remediation

Remediate permissions and group membership using Security Explorer

IT Security Search

IT Security Search

Display state-based data through integration with IT Security Search

Extend attributes

Extend attributes

Easily collect additional attributes for AD, WMI and Active Roles

Tech Specs

Hardware requirements

Enterprise Reporter

Memory

Minimum: 16 GB RAM

Recommended: 16 GB RAM

Processor

Intel or AMD 2 GHz multiprocessor (with at least 2 cores)

64-bit processor

Hard disk space

Disk space requirements will vary with the Enterprise Reporter components you install:

Server—10 GB
Configuration Manager—2 GB
Discovery Node—10 GB for installed files, plus extra space (10GB-100GB) for processing discoveries. Space required varies with the amount of data collected.
Report Manager—10 GB

Database size varies with the amount of data you collect
The file share that you use for the Shared Data Location will require space for storage of collected data. Space required varies with the amount of data collected.
Total disk size if all components are on the same system—100 GB

Enterprise Reporter SQL Server

Memory

Minimum: 16 GB RAM

Recommended: 16 GB RAM

Processor

Intel or AMD 2 GHz multiprocessor (with at least 4 cores)

64-bit processor

Hard disk space: 100 GB or more for larger environments

The Enterprise Reporter database is the storage location of all data collected for reporting. As such, the amount of hard disk space required is directly related to the amount of data being collected. The Database Size Estimator tool shipped with Enterprise Reporter can help determine how much space will be required.

SQL Server performance is needed to support inserting data into the database tables and to support querying that data for reporting purposes. To improve the performance of data collection or reporting, consider enhancing the SQL Server memory and processor.

Larger environments may have additional requirements for memory, processor, and hard disk space. There are many factors that can effect these requirements. For additional information please see release notes.

Supported Operating Systems

The following operating systems are supported for Enterprise Reporter components.

NOTE: It is not recommended that the server or console be installed on a domain controller.

Operating System - Computer

Enterprise Reporter

ER Server

Computers

Windows Server® 2016
Windows Server® 2012 R2
Windows Server® 2012
Windows Server® Core 2012 R2
Windows Server® Core 2012 R2 Cluster
Windows Server® Core 2012

Windows Server® Core 2012 Cluster
Windows Server® 2008 R2 with Service Pack 1
Windows Server® Core 2008 R2 with Service Pack 1
Windows Server® Core 2008 R2 with Service Pack 1 (64 bit) Cluster
Windows Server® 2008 with Service Pack 2 (64 bit)

Consoles

Computers

Windows Server® 2016
Windows Server® 2012 R2
Windows Server® 2012
Windows Server® 2008 R2 with Service Pack 1
Windows Server® 2008 with Service Pack 2 (64 bit)

Windows® 10
Windows® 8.1
Windows® 8 (64 bit)
Windows® 7 with Service Pack 1 (64 bit)
Windows Vista® with Service Pack 2 (64 bit)

Nodes

Computers

Windows Server® 2016
Windows Server® 2012 R2
Windows Server® 2012
Windows Server® Core 2012 R2
Windows Server® Core 2012 R2 Cluster
Windows Server® Core 2012

Windows Server® Core 2012 Cluster
Windows Server® 2008 R2 with Service Pack 1
Windows Server® Core 2008 R2 with Service Pack 1
Windows Server® Core 2008 R2 with Service Pack 1 (64 bit) Cluster
Windows Server® 2008 with Service Pack 2 (64 bit)

Supported Operating Systems for Discovery Targets

Active Directory

Domain Functional Levels

Windows Server® 2016 Functional Level
Windows Server® 2012 R2 Functional Level
Windows Server® 2012 Functional Level

Windows Server® 2008 R2 Functional Level
Windows Server® 2008 Functional Level
Windows Server® 2003 R2 Functional Level

Windows Server

Computers

Windows Server® 2016
Windows Server® 2012 R2
Windows Server® 2012
Windows Server® Core 2012
Windows Server® 2008 R2 with Service Pack 1
Windows Server® Core 2008 R2 with Service Pack 1
Windows Server® 2008 with Service Pack 2 (64 bit and 32 bit)
Windows Server® 2003 R2 with Service Pack 2 (64 bit)

Windows Server® 2003 R2 with Service Pack 2 (64 bit and 32bit)
Windows® 10
Windows® 8.1
Windows® 8 (64 bit and 32bit)
Windows® 7 with Service Pack 1 (64 bit and 32 bit)
Windows Vista® with Service Pack 2 (64 bit and 32 bit)
Windows® XP Professional with Service Pack 3 (64 bit and 32 bit)

Network Attached Storage (NAS) Devices

Dell FluidFS 6.0
Dell FluidFS 5.0
NetApp® Filer - Data ONTAP® 8..x – 9.x and above (Cluster mode is supported as of version 8.2)

EMC Isilon OneFS (Collections require a secure connection to Isilon with a valid certificate)
EMC VNX 7.1.47.5 X (Supported by collecting as a Windows Server)
EMC VNX 7.0.35.3 X (Supported by collecting as a Windows Server)

File Storage Analysis

Computers

Windows Server® 2016
Windows Server® 2012 R2
Windows Server® 2012
Windows Server® Core 2012
Windows Server® 2008 R2 with Service Pack 1
Windows Server® Core 2008 R2 with Service Pack 1
Windows Server® 2008 with Service Pack 2 (64 bit and 32 bit)
Windows Server® 2003 R2 with Service Pack 2 (64 bit)

Windows Server® 2003 R2 with Service Pack 2 (64 bit and 32bit)
Windows® 10
Windows® 8.1
Windows® 8 (64 bit and 32bit)
Windows® 7 with Service Pack 1 (64 bit and 32 bit)
Windows Vista® with Service Pack 2 (64 bit and 32 bit)
Windows® XP Professional with Service Pack 3 (64 bit and 32 bit)

Network Attached Storage (NAS) Devices

Dell FluidFS 6.0
Dell FluidFS 5.0
NetApp® Filer - Data ONTAP® 8..x – 9.x and above (Cluster mode is supported as of version 8.2)

EMC Isilon OneFS (Collections require a secure connection to Isilon with a valid certificate)
EMC VNX 7.1.47.5 X (Supported by collecting as a Windows Server)
EMC VNX 7.0.35.3 X (Supported by collecting as a Windows Server)

SQL Server

SQL Server Instances

SQL Server® 2017
SQL Server® Clusters
SQL Server® 2016
SQL Server® 2014
SQL Server® 2012

SQL Server® 2008 R2
SQL Server® 2008 with Service Pack 2
SQL Server® 2005 with Express Service Pack 3
SQL Server® 2005 with Service Pack 3

Exchange

Exchange Servers

Exchange Online™
Exchange® 2016
Exchange® 2013

Exchange® 2010
Exchange® 2007
Exchange® Mixed Modes (2007-2010, 2010-2013, 2007-2013)

Active Roles Supported Versions

The follow versions of Active Roles are supported as targets of Active Directory discoveries. See the Active Roles web site for hardware and software requirements for your version of Active Roles:

Active Roles 7.2.1
Active Roles 7.1.2
Active Roles 7.0.4

Active Roles 7.0.2
Active Roles 6.9.0

IT Security Search Supported Versions

Enterprise Reporter can be configured to send discovery information to the following versions of IT Security Search. See the IT Security Search web site for the hardware and software requirements for your version of IT Security Search.

IT Security Search 11.4

IT Security Search 11.3

SQL Server Supported Versions

The following versions of SQL Server® are supported for the Enterprise Reporter database. See the Microsoft® web site for the hardware and software requirements for your version of SQL Server®:

SQL Server® 2017
SQL Server® 2016
SQL Server® 2014
SQL Server® 2012
SQL Server® 2008 R2
SQL Server® 2008 with Service Pack 2

SQL clusters and database mirroring are supported for your deployment, including
- SQL Server® 2016 Always On
- SQL Server® 2014 Always On
- SQL Server® 2012 Always On

Using SQL Server Certificates

SSL Encryption of SQL Server Connections using Certificates

Enterprise Reporter can be configured to work with a SQL Server® instance. To secure communications while working with Enterprise Reporter, data sent over connections to the SQL Server can be encrypted using an SSL certificate.

The steps required to configure this encryption are as follows.

Using the Microsoft Management Console (MMC):
- install the Certificates snap-in for the SQL Server® host computer
- import the certificate to the SQL Server® host computer
Using SQL Server Configuration manager:
- configure the SQL Server® to use the certificate
- configure the SQL Server® to force encryption
Restart the SQL Server® host computer

Import the certificate to all Enterprise Reporter computers that will need to communicate with the SQL Server®, such as:
- Enterprise Reporter server host computer
- Enterprise Reporter nodes
- Enterprise Reporter Configuration Manager host computer
- Enterprise Reporter Report Manager host computer
Install Enterprise Reporter on a host computer

Software requirements

The following required software is required for Enterprise Reporter.

Microsoft®.NET Framework 4.6
Microsoft®.NET Framework 4.0 (Full)
Microsoft®.NET Framework 3.5 Service Pack 1
Microsoft® Excel® (required to view reports exported as spreadsheets)

Microsoft® Excel® 2010
Microsoft® Excel® 2013
PowerShell™ 3.0

Active Roles Required Software

To collect Active Roles information, the following software is required on the computer where the Enterprise Reporter Configuration Manager is installed and on the computer where the Enterprise Reporter node is installed:

ADSI Provider (the version must match the Active Roles version)

For more information and installation instructions, see the Active Roles Quick Start Guide. The following additional considerations are required:

There must be a trust between the Enterprise Reporter domain and the Active Roles domain.

The credentials used for the Active Roles discovery must have access to the Active Roles domain.

Exchange Required Software

To collect Exchange® 2007 information, the following additional considerations are required:

Exchange® 2007 Management Tools must be installed on the computer where the Enterprise Reporter node is installed and must be in the same forest as the 2007 Exchange Organization.

It is highly recommended to put the computer where the Enterprise Reporter node is installed within the target Exchange® 2007 domain.

To collect Exchange mailbox folders, the following additional considerations are required:

Impersonation needs to be configured on the Exchange organization. Refer to your Exchange Server document or use the following method to set up role assignments.
- Powershell can be used to add an assignment
  New- ManagementRoleAssignment–
  Name: impersonationAssignmentAdministrator-
  Role: ApplicationImpersonation –User:Administrator
- Alternatively, you can create an administrator role with ApplicationImpersonation role assigned to it and add the required account as a member (or assign ApplicationImpersonation role to an existing administrator role)

OneDrive Required Software

To collect OneDrive information, the following additional software is required:

Microsoft SharePoint Online Management Shell

NOTE: PowerShell 3.0 and Microsoft SharePoint Online Management Shell are required on the node machines to collect OneDrive configuration settings.

NOTE: In addition, for OneDrive configuration settings to be collected successfully, an authorized connection must be established to the SharePoint Online service. To allow for credentials to be specified for your tenant, the “LegacyAuthProtocols” setting must be enabled on your tenant. To set this on your tenant, run the following commands using the Microsoft SharePoint Online Management Shell. This action must be performed on any node machine with Microsoft SharePoint Online Management Shell installed.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

Import-Module -Name Microsoft.Online.SharePoint.PowerShell

Connect-SPOService -Url "<full tenant name>"

Set-SPOTenant -LegacyAuthProtocolsEnable $True

Disconnect-SPOService

Azure Required Software

To collect Azure information, the following additional software is required:

Microsoft Azure Active Directory Module for Windows PowerShell

NOTE: Microsoft Azure Active Directory Module for Windows PowerShell is required on the node machines to collect multi-factor authentication attributes for Azure Users.