Note
This repository is publicly accessible as part of our open-source initiative. We welcome contributions from the community alongside our organization's primary development efforts.
A Microsoft 365 exporter for Prometheus metrics. The exporter uses the Microsoft Graph API to collect metrics about Microsoft 365 services and exports them in a format that can be scraped by Prometheus.
The following collectors are implemented:
| Name | Description |
|---|---|
| adsync | Entra ID Connect Health |
| intune | Intune devices |
| license | Licenses usage |
| onedrive | Onedrive usage |
| securescore | Securescore |
| servicehealth | Service Health |
| teams | Teams |
Download the latest release from the release page.
A Docker image exists on GitHub container registry.
Tags:
ghcr.io/cloudeteer/m365-exporter:<VERSION>
The exporter requires the following permissions to be set in the Azure AD app registration as Application permissions:
- DeviceManagementConfiguration.Read.All
- DeviceManagementManagedDevices.Read.All
- Directory.Read.All
- Files.Read.All
- Organization.Read.All
- SecurityEvents.Read.All
- ServiceHealth.Read.All
- Sites.Read.All
- TeamSettings.Read.All
- User.Read.All
Keep in mind, after granting the permissions, the administrator must consent to them.
Permissions for Entra ID Connect Health must be set in the on the Entra ID Connect Health page via permissions.
The Read permission is required.
By default, the exporter will search in /etc/m365-exporter/ a file named m365-exporter-config.yaml, alternatively the file can be placed
in the current working directory of the program. It’s possible to set a specific location of the config file via setting
the M365_CONFIGFILE environment variable.
A fully fledged example config file can be found in the docs folder.
| Config Parameter | Info |
|---|---|
settings.loglevel |
Possible values are "panic","fatal","error","warning","info","debug" and "trace". Default is "info". |
settings.serviceHealthStatusRefreshRate |
Refresh rate of service health status in minutes. Only Integers allowed. Default is 5 minutes. |
settings.serviceHealthIssueKeepDays |
Setting how long an Incident or Advisory should be kept as resolved in the metrics. |
onedrive.scrambleNames |
bool whether the label for individual onedrive metrics should have a scrambled version of the UPN |
onedrive.scrambleSalt |
Set the salt to scramble the UPNs, a default value is set, so UPN hashes are always salted |
Environment variables can be used to set configuration parameters. If a parameter is set via the environment, it takes precedence over the settings in the config file.
The environment variable names correspond to a key in the YAML file,
by prefixing it with M365_ and where the .s are replaced by _.
M365_SERVER_HOST set the server.host parameter in the YAML file.
Caution
The config provider can’t handle boolean values passed through the environment.
m365-exporter supports all authentication supported by Azure SDK for Go.
| Variable name | Value |
|---|---|
AZURE_CLIENT_ID |
Application ID of an Azure service principal |
AZURE_TENANT_ID |
ID of the application's Azure AD tenant |
AZURE_CLIENT_SECRET |
Password of the Azure service principal |
| Variable name | Value |
|---|---|
AZURE_CLIENT_ID |
Application ID of an Azure service principal |
AZURE_TENANT_ID |
ID of the application's Azure AD tenant |
AZURE_CLIENT_CERTIFICATE_PATH |
Path to a certificate file including private key (without password protection) |
| Variable name | Value |
|---|---|
AZURE_CLIENT_ID |
User-assigned managed client ID. Can be avoid, if a system assign identity is used |
AZURE_TENANT_ID |
ID of the application's Azure AD tenant |
- graph API reference (includes required permissions)
- pagination
- Graph API Explorer (look up API endpoints, and their required permissions)
Run make help to see available make targets.
To contribute to the project, refer to the CONTRIBUTING.md file.
For commercial support, contact Cloudeteer.
This project is licensed under the MIT License.