
WorkSpace - Step 1 Step-by-Step Guide

DATE: NOVEMBER 21, 2017

1

Section 1: Introduction

WorkSpace - Step 1

WorkSpace – Step 1 (www.mswstep1.com) is an IT inventory processing service that transforms and enriches hardware and software data into consolidated and highly accurate reporting and analysis.

This reporting details the Microsoft software present and in use within an environment. This information is useful for:

✓ Optimization and harvesting analysis

✓ License compliance and Software Asset Management

WorkSpace Companion App

WorkSpace Companion App (WCA) is the lightweight client application that allows IT professionals to run a variety of scripts to collect hardware, software, and usage data from multiple database and directory sources for analysis via WorkSpace – Step 1.

2

Section 2: Administration

✓ Subscriptions

✓ Organizations

✓ Engagements

3

Registering and Creating a Subscription

1. Click ‘Sign in’ and enter your Microsoft Account to activate a Subscription.

2. As prompted, associate an email address to the Account and click the Register button. This automatically creates your Subscription and a sample Organization and Engagement.

3. Once the Subscription is activated, the ‘Manage’, ‘Get the WorkSpace Companion App’, ‘See/Add Artifacts’ and ‘See/Add Jobs’ tiles will activate and change from gray to colors.

4

Inviting Users to a Subscription

1. Click the ‘Manage’ tile on the home page, then click the ‘Create New Organization’ tile and click the Subscription Name.

2. Click on the ‘Invite a New User +’ button.

3. A one-time link will be created that you can send to other individuals. When they click it, they will be granted access to your Subscription.

Note: A user invited to the Subscription will have access to view all information under that Subscription, associated Organizations, and associated Engagements.

5

Creating an Organization

1. Click the ‘Manage’ tile on the home page.

2. Click on the ‘Create New Organization’ tile.

3. Click the ‘Create New Organization +’ link next to the Subscription you want to create an Organization for.

Tip: Name the organization after the customer name. Multiple engagements can be created to track different engagements or projects for the same organization over time.

6

Inviting Users to an Organization

1. Click the ‘Manage’ tile on the home page, then click the ‘Create New Engagement’ tile and click the Organization Name.

2. Click on the ‘Invite a New User’ button.

3. A one-time link will be created that you can send to other individuals. When they click it, they will be granted access to your Organization.

Note: If a user is invited to the Organization, the individual will have access to view all information under that Organization and associated Engagements.

7

Creating Engagements

1. Click the ‘Manage’ tile on the home page then click the ‘Create New Engagement’ tile.

2. Click the ‘Create New Engagement +’ link next to the Organization you want to create an Engagement for.

Tip: Be descriptive in the Engagement name, noting the Date, Scope, etc., so that when multiple Engagements are associated to an Organization, it will be easy to differentiate them.

8

Section 3: Data Collection & Analysis

✓ Exploring the WorkSpace Companion App (WCA) & Extracting Data

✓ Uploading Data to WorkSpace – Step 1

✓ Inventory Summary: Generation & Retrieval

✓ Report Analysis and Utilization

✓ Multiple Job Iterations

9

Exploring the WorkSpace Companion App

WCA does not perform any network or endpoint scans itself, instead leveraging existing database and directory repositories to collect relevant hardware, software and user data points. The outputs are saved locally and are uploaded to WorkSpace – Step 1 by the SAM partner. All of the scripts can be viewed within the tool or copied to a text file or SQL Management Studio, for example, in order to appropriately review and test them.

WCA supports inventory data collection using three methods. You can mix and match data collected using any or all of these methods:

1. WCA Connectors: Install WCA in the environment data is to be collected from. Queries will be run directly against the data source. WCA will automatically anonymize data files (Artifacts) if this method is used.

2. PowerShell Collectors: PowerShell scripts have been developed so that inventory data can be efficiently collected from environments where it may not be possible to install WCA. Resulting data files (Artifacts) produced using this method need to be manually anonymized (See page 24 for more information about anonymization).

3. Use Excel: The Simple Generic Template is available to enable manual entry (via Excel) into the WorkSpace - Step 1. Once populated, the Excel document needs to be manually anonymized (See page 24 for more information about anonymization, and page 43 for more about the Simple Generic Template).

10

Data Sources - WCA Connectors

WCA Connector - Data Sources Currently Supported:

✓ Active Directory – PowerShell scripts to collect Computer and User details to help define the scope of active computers/users

✓ Altiris – SQL queries to extract relevant hardware/software data from Altiris databases

✓ Dell KACE – SQL queries to extract relevant hardware/software data

✓ Intune – Converts CSV files to XML files

✓ LANDESK – SQL queries to extract relevant hardware/software data

✓ Lansweeper – SQL queries to extract relevant hardware/software data from Lansweeper databases

✓ MAP ToolKit – SQL queries to extract relevant hardware, software, user, and usage data from MAP databases

✓ SCCM – SQL queries to extract relevant hardware/software data from SCCM databases

✓ SCOM – SQL queries to extract relevant hardware/software data from SCOM databases

✓ SCVMM – SQL queries to extract relevant hardware/software data from SCVMM databases

✓ VMware vCenter – Queries to extract relevant ESX Host, Host/VM mapping, and VM movement data from vCenter databases

11

Setting Up WCA

1. From the WorkSpace – Step 1 homepage, click ‘Get the WorkSpace Companion App’ to download WCA.

2. Install WCA locally on the machine(s) from which target sources will be connected to and queried.

3. Click ‘1. Start - Set Preferences.’ It is here you can change the default Output and System Folders if needed. The defaults used by the app will normally be fine.

4. You may enable the Anonymization and Integrity Check if you customize your configuration.

Note: If you change folders to file shares on other servers, your performance will be affected by your network’s performance.

12

Extracting Data - WCA Connectors

1. Run the relevant ‘Collect Data’ item(s) to extract the desired datasets (more details on the following pages). Extracted data is automatically anonymized.

2. The tool outputs .XML and .GZ files to the folder specified in ‘1. Start - Set Preferences.’ The default folder is here:

C:\Program Files (x86)\Microsoft Corporation\WorkSpace Companion App\Output

3. This folder can be accessed by the Open Output Folder button and houses the files which will be uploaded to WorkSpace – Step 1 as Artifacts for processing.

Note: For assistance with MAP scans, SCCM configurations, and other tooling challenges, contact [email protected]. Click the MAP Toolkit tile on the Learn page for more information.

13

Extracting Data from Inventory Tools

1. Popular inventory tools such as MAP and System Center collect inventory data and store it locally in a dedicated SQL database.

2. To extract that data, choose the appropriate Inventory Tool Connector, enter the Server and Database Names, use Alternate Native Credentials if using SQL Authentication, and connect to that SQL database.

3. Use the Test Connection button to verify connectivity and select the Run Query button to extract the inventory data.

4. The tool outputs .XML and .GZ files to the folder specified in ‘1. Start - Set Preferences.’ It can be accessed by the Open Output Folder button. The default folder is here:

C:\Program Files (x86)\Microsoft Corporation\WorkSpace Companion App\Output

Note: To allow full transparency of operation, the scripts can be viewed in the Script folder here:

C:\Program Files (x86)\Microsoft Corporation\WorkSpace Companion App\Scripts

14

Custom Inventory: Active Directory

1. WCA runs LDAP queries against domain controllers to determine the last activity dates of computers and users in the domain.

2. Select “Query for Computers” and run the query. Then change the selection to “Query for Users” and run that query, as well.

3. For recent network activity, the activity dates for a given computer or user may vary across the different domain controllers (but it may take a prolonged period of time to collect data from every domain controller).

4. To resolve this, the default setting is to run the query against just one domain controller, but the option to query all of them is also available.

15

Focusing on Altiris, LANDESK and Lansweeper

1. Enter the server name and database used by Altiris, LANDESK or Lansweeper.

2. If the ‘Use Alternate Native Credentials’ option is not selected, the queries will run under your credentials.

3. Select ‘Test Connection’ before selecting ‘Run Query.’

4. Output is saved in XML format that can be opened in Excel.

16

Note: No credentials are stored by the application.

Focusing on Dell KACE

1. Enter the server name, database and port. If no port is specified, then the default of 3306 will be used.

2. The MySQL Dell KACE query requires you to specify Alternate Native Credentials as integrated authentication is not yet supported.

3. Select ‘Test Connection’ before selecting ‘Run Query.’

4. Output is saved in XML format that can be opened in Excel.

17

Note: No credentials are stored by the application.

Focusing on Intune

This utility converts Intune Computer and Software CSV files into XML files.

Select the CSV file and process the file to get the converted XML file.

18

Focusing on the MAP Tool

1. By default, when a user installs the MAP Tool, a light-weight installation of SQL Server (LocalDB) is installed in the user’s profile. The user then specifies a database name to store scan data.

2. To extract this data, the same user must install WCA on the same machine (since the database is not accessible from other machines).

3. If the database is local, the Server Name value must be entered as “(LocalDB)\MAPToolKit” and then the appropriate Database Name.

4. Alternatively, if the MAP Tool has been set up to use a full installation of SQL Server (see MAP documentation), WCA can remotely access the database.

5. In this case, the Server Name value must specify the correct SQL instance on the server (“MAPS”) and the appropriate Database Name.

19

Focusing on System Center

1. Enter the name (or name\instance) of the database server used by System Center (This may be a different Windows Server from the computer where System Center is installed).

2. Use the System Center console or SQL Server Management Studio to find the name of the System Center database.

3. By default, when an administrator installs System Center, the setup program creates a database with a name that follows the 3-letter site naming convention (e.g. “SMS_XYZ” or “CM_XYZ”).

4. Use Alternate Native Credentials if using SQL Authentication.

20

Focusing on VMware vCenter

VMware vCenter contains information about physical hosts and virtual machines

1. Enter the vCenter server name.

2. Use VMware Credentials if your credentials do not have permissions to the vCenter appliance.

21

Extracting Data - PowerShell Collectors

PowerShell scripts are available for data sources.

• If you don’t see the data source you are looking for, review the list of sources available using WCA native data collectors.

• If a data source is not supported for automatic collection, the Generic Template can be used to import data from Excel.

Under Download Link, select the designated ‘PowerShell Script’ and you will be directed to a site to download the PowerShell script.

22

Extracting Data - Generic Excel Import

Two Excel Generic Templates are available for collecting inventory data:

1. Simple Generic Template is better suited where only device and software data are collected.

2. Advanced Generic Template is better suited when only types of inventory data (e.g. Usage data) need to be collected.

It is strongly recommended to use WCA Connectors or PowerShell Collectors as primary and secondary collection options. The Simple or Advanced Generic template should only be used for data sources not supported by either of the options above. This is because population of the Generic Template is prone to human data input error where the other options are not.

Templates are available from https://www.mswstep1.com/learn.

23

Anonymizing Data

To protect your Organization, sensitive data must be removed from the previously collected data files.

Anonymizing data helps remove sensitive data by replacing certain values with generic but unique names.

Artifacts need to be anonymized in WCA before uploading to WorkSpace - Step1.

To anonymize data:

1. In WCA, select ‘3. Anonymization; Anonymize data file.’

2. Upload Artifact(s) in .XML or .XLSX format.

3. Click on ‘Process File.’

4. Once completed, click on ‘Open Output Folder.’

5. The anonymized Artifact(s) file name shall end with ‘_anon.’

Note: All data extracted from WCA Connectors are automatically anonymized.
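The idea of replacing sensitive values with generic but unique names, and restoring them later, can be illustrated as follows. This is an added example, not WCA's code: the XML element and attribute names, the token format and the in-memory mapping are all assumptions, and the sample artifact is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample artifact. Element/attribute names are assumptions,
# not the schema WCA actually writes.
SAMPLE_XML = """<Inventory>
  <Device ComputerName="FIN-SQL01" Domain="corp.contoso.example" Model="Virtual Machine"/>
  <Device ComputerName="HR-LT-0042" Domain="corp.contoso.example" Model="Latitude 7480"/>
  <Software ComputerName="FIN-SQL01" Domain="corp.contoso.example" Product="SQL Server 2016 Standard"/>
  <Software ComputerName="HR-LT-0042" Domain="corp.contoso.example" Product="Office Professional Plus 2016"/>
</Inventory>"""

# Attributes treated as sensitive, mapped to the prefix of their generic name.
SENSITIVE_ATTRS = {"ComputerName": "Computer", "Domain": "Domain"}


class Pseudonymizer:
    """Replaces sensitive values with generic but unique tokens, reversibly."""

    def __init__(self):
        self.forward = {}  # (kind, real value lowercased) -> token
        self.reverse = {}  # token -> real value; this table stays local

    def token_for(self, kind, value):
        key = (kind, value.lower())
        if key not in self.forward:
            n = sum(1 for k in self.forward if k[0] == kind) + 1
            token = f"{kind}{n:05d}"
            self.forward[key] = token
            self.reverse[token] = value
        return self.forward[key]

    def anonymize(self, xml_text):
        root = ET.fromstring(xml_text)
        for elem in root.iter():
            for attr, kind in SENSITIVE_ATTRS.items():
                if attr in elem.attrib:
                    elem.set(attr, self.token_for(kind, elem.get(attr)))
        return ET.tostring(root, encoding="unicode")

    def restore(self, xml_text):
        root = ET.fromstring(xml_text)
        for elem in root.iter():
            for attr in SENSITIVE_ATTRS:
                if attr in elem.attrib:
                    token = elem.get(attr)
                    # Unknown tokens are left untouched rather than guessed.
                    elem.set(attr, self.reverse.get(token, token))
        return ET.tostring(root, encoding="unicode")


def leaked_values(xml_text, originals):
    """Pre-upload check: which original values still appear in the file?"""
    lowered = xml_text.lower()
    return sorted(v for v in originals if v.lower() in lowered)


def demo():
    p = Pseudonymizer()
    anon = p.anonymize(SAMPLE_XML)
    originals = set(p.reverse.values())
    return anon, p.restore(anon), leaked_values(anon, originals)


if __name__ == "__main__":
    anon, restored, leaked = demo()
    print(anon)
    print("values still present after anonymization:", leaked)
```

Because the same computer always maps to the same token, Device and Software rows still join after anonymization, and only the holder of the mapping table can restore the real names.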

24

Locating Files for Uploading to WorkSpace – Step 1

1. All data files are written to the folder specified in ‘1. Start - Set Preferences.’ It can be accessed by the Open Output Folder button.

2. XML files are saved as uncompressed and compressed (.gz) versions. Either one can be uploaded. Uploading zipped files will significantly decrease the time it takes.

3. Make sure the Artifacts are anonymized before uploading to WorkSpace - Step 1.

25

Uploading Data to WorkSpace – Step 1

1. Once an Engagement is created, navigate to the ‘Upload’ page by clicking on the ‘See/Add Artifacts’ tile from the Homepage.

2. You can also get there by clicking the ‘Artifacts’ top link.

3. Click the ‘See/Add Artifacts +’ link under the Engagement you created.

(continued)

26

Uploading Data (continued)

4. Browse to the data file location, create a name for the Artifact, and select ‘Upload.’

5. The file will appear under ‘Artifacts’ under ‘Artifact Name.’

6. The status under ‘Most Recent Status (refresh browser page)’ will show ‘Uploaded (ready to be included in a job).’

27

Note: The Artifact status will be shown after the Job processes.

Generating Reports

1. Once all relevant Artifacts have been uploaded, select the ‘See/Add Jobs’ tile to process the Artifact data.

2. Select ‘Create A New Job’.

(continued)

28

Generating Reports (continued)

3. Select the Artifact(s) from the dropdown, create a ‘Job Name,’ set the ‘In-Scope Reference Date’ and ‘In-Scope Period.’

4. Click the ‘Create Job’ button to start the processing.

Note: WorkSpace – Step 1 has the ability to take multiple Artifacts and merge them into a single, cleansed, de-duplicated report.

29

Retrieving Reports

1. You will see your Job under ‘Job Name’ and the status under ‘Status (refresh browser page).’

2. The ‘Status (refresh browser page)’ will initially report ‘Waiting to be processed (1 of 6).’

3. Refresh the browser page until the Status changes to ‘Succeeded (6 of 6).’ Three reports will then be available for download.

Note: On average, once you’ve created a Job you will be able to access the reports in 10-20 minutes. If your Artifact(s) included software items not in our catalog (“uncategorized software”) these reports will not be final. You will see the Job Status as "Succeeded - has uncategorized software (5 of 6)." Final reports will automatically be generated once all the software has been categorized. Catalog updates take place daily, Monday-Friday, at approximately 12:00PM PST.

30

Reports Overview

The three reports that will have been generated are:

✓ Enterprise – Microsoft Related Report

✓ Preliminary CIDC – Microsoft Related Report

✓ Refinement – Microsoft Related Report

Each Report has a different function and they will be utilized in different ways for you to ensure a more complete dataset for your CIDC.

31

Enterprise Report

The Enterprise Report is a robust document to show the environment scan results in various forms, charts and worksheets.

32

• Table of Contents

• Deployment Summary

• Deployment Report

• Scan Report

• Windows Workstation Summary

• Active Directory Report

• UAC Report

• Hypervisor Summary

• Hypervisor Report

• Windows Server Summary

• Windows Server Detail

• SQL Server Summary

• SQL Server Detail

• SQL Server Instance Detail

• SQL Server Database Detail

• System Center Summary

• System Center Detail

• SharePoint Summary

• SharePoint Server Detail

• Exchange Summary

• Exchange Server Detail

• Exchange Server Mailbox Report

• Skype For Business Summary

• Skype For Business Summary

• BizTalk Server

• BizTalk Server Detail

• CRM Summary

• CRM Server Detail

• Office Deployment Summary

• MSDN Candidate Report

• Inventory

• MaskedProducts

• Users

• Access

Enterprise Report (continued)

One of the purposes of the Enterprise Report is to surface and call out the problems the tool had in connecting to machines, and identify some potential next steps to solve the issue. A few examples of this are:

• If a computer has been active in the past, but not within the reference period window, it (and all its software) is considered ‘Out of Scope.’ All other computers are considered ‘In Scope.’

• If software inventory has been collected from the target computers within the window, it is considered ‘Current,’ otherwise it is considered ‘Stale.’

• If a computer has been successfully inventoried, it has a ‘ScanStatus’ of ‘Success,’ otherwise the scan-tool error message or ‘Not Scanned’ is shown.

• The ‘DeviceStatus’ column will display data that needs to be investigated or addressed (this can also be seen in the ‘Scan Report’ tab when you filter cell 4B for ‘ALL’).

33

Enterprise Report (continued)

The Enterprise Report will need to be restored (or de-anonymized), so you can identify the areas that need your attention.

To restore the Enterprise Report:

1. In WCA, click ‘3. Anonymization; De-anonymize (restore) data file.’ Upload the Refinement Report via ‘Source xlxs file field.’

2. Click Process File.

3. Once successfully processed, click on ‘Open Output Folder’ to retrieve your Report.

34

Preliminary CIDC Report

The Preliminary CIDC Report is what your final CIDC will be based on. It will need to be restored (see page 38) to identify the areas that need attention.

• Lists all computers that are considered “In Scope” in the Standard Report.

• Lists all software that is considered “Current” (i.e., has been collected from the target computer in the 30 day window).

The Preliminary CIDC Report does not:

• Show “Stale” inventory.

• Highlight ‘In Scope’ computers that have not been successfully inventoried.

In terms of including what is outside of the reference window:

• If a user wishes to confirm whether additional data collection is required in order to have full coverage across all computers, the Refinement Report can be inspected to identify computers that need to be scanned and computers where additional data points are needed.

• If a user wishes to add data to a Preliminary CIDC Report, this can be done using the Simple Generic Template (see page 43).

(continued)

35

Preliminary CIDC Report (continued)

The Preliminary CIDC Report has a number of worksheets.

• Instruction: This will tell you what fields are mandatory and where and what data values should be entered.

• Sheet A - Hardware and Operating Systems Template: Physical hardware, virtual machine and operating system details for machines running Windows Client and Server operating systems and also for machines running non-Windows hypervisors that run guest Windows operating systems.

• Sheet B - Client and Server Applications Template: Details of Microsoft products both client and server, installed on both client and server operating systems, running on either physical or virtual machines.

• Sheet C - Access Licensing Template: Machine and user details for products requiring access licensing (e.g., CAL, MLS, etc.).

(continued)

36

Preliminary CIDC Report (continued)

• Sheet D - User Subscription Template: User to Subscription mapping for MSDN and future subscriptions.

• Sheet E - Virtual Machine Movement History Template: History of Hosts on which VMs have been running.

• Sheet F - SQL Server Instance Template: Instance level details for SQL Servers.

• Sheet G - General Information Template: Summary information of total user and device count, etc.

37

Restoring the Preliminary CIDC Report

A ‘Preliminary CIDC Report’ is ready for download after processing the Job/Artifact(s).

To restore the Preliminary CIDC Report:

1. In WCA, click ‘3. Anonymization, De-anonymize (restore) data file.’ Upload the Preliminary CIDC Report via ‘Source xlxs file field.’

2. Click Process File.

3. Once successfully processed, click on ‘Open Output Folder’ to retrieve your Report.

Once the Preliminary CIDC Report is restored, it may need updates. Open the Restored Preliminary CIDC Report, and update the cells that are highlighted in yellow.

Note: Refer to the ‘Workspace Product & Program Definitions’ file for a list of standard values to update the Preliminary CIDC. It is available in the footer of the WorkSpace site, once you are logged in.

38

Refinement Report

The Refinement Report identifies aspects of the Enterprise and Preliminary CIDC Reports where additional data is needed.

It will need to be restored (see page 41) to correct the areas that need attention.

The Refinement Report has a number of worksheets:

• Summary: This gives you a broad view of things that need refinement.

• Workstations: Use the ‘Exclude Y/N’ column on the worksheet to indicate whether each workstation should remain ‘In Scope.’ It may be appropriate, for example, to ‘Exclude’ de-provisioned workstations.

• Servers: This is as above, but focuses on servers.

• Non Microsoft: These are computers where almost nothing is known. By default, they are flagged as ‘Excluded.’

(continued)

39

Note: If items are listed in the Refinement Report in any tabs but the Device Scope and User Scope tabs, they will not be on the Preliminary CIDC Report.

Refinement Report (continued)

• Virtual Hosts: This is where the virtual host is not currently known. Here, you specify the name of the host, processor and core count.

• Windows Editions: Unknown Windows editions are installed on these computers. This can be specified in the ‘Edition’ column.

• SQL Editions: These are machines that have SQL installed, but the edition of SQL Server is not known. This detail can be added.

• Office Editions: This is as above, but focuses on Microsoft Office.

• Device Scope: All machines are listed on this worksheet. If any machine should be marked as ‘Out of Scope’ or as ‘Non Production,’ then flag it accordingly.

• User Scope: All users are listed on this worksheet. If any user should be marked as ‘Out of Scope’ or as ‘Non Production,’ then flag it accordingly.

• Uncategorized Software: When a Job has a status of ‘Succeeded - has uncategorized software (5 of 6)’, those items will appear in this tab.

40

Restoring the Refinement Report

A ‘Refinement Report’ is ready for download after processing the Job/Artifact(s).

The first thing to do is restore or de-anonymize the Refinement Report.

To restore the Refinement Report:

1. In WCA, click ‘3. Anonymization, De-anonymize (restore) data file.’ Upload the Refinement Report via ‘Source xlxs file field.’

2. Click Process File.

3. Once successfully processed, click on ‘Open Output Folder’ to retrieve your Report.

Once the Refinement Report is restored, it may need updates. Changes can be made only in the orange-colored cells.

Note: Refer to the ‘Workspace Product & Program Definitions’ file for a list of standard values to update the Preliminary CIDC. It is available in the footer of the WorkSpace site, once you are logged in.

41

Utilizing the Refinement Report

42

Once the Refinement Report is restored, you will need to utilize it to get an accurate dataset.

1. When you look at your Refinement Report you will see that in the Device Scope Tab you may have items In Scope with a ‘MachineType’ of Unknown [Column P]. The Machine Type cannot be “Unknown” or “Service.” It has to be either “Physical,” “Virtual” or “Host.”

• Choose whichever the machine type is by clicking in an orange cell in Column P, and using the arrow to select the proper Machine Type.

2. You will also need to go over your Scope [Column M] items.

• If they need to be excluded, that is ‘Out of Scope’, then you would exclude them in Column O by clicking on the <no override> cell. When you click in the cell an arrow will appear.

• If it is correct and you do not want to exclude them, then leave it as ‘In Scope’ and they will appear on the CIDC once you fix the MachineType.

• If they are Out of Scope and you want to include them, you would follow the same process by overriding the current state in Column O.

Once these are done save the document. (See Appendix 3 and Appendix 4 for more on In/Out of Scope.)

3. You will now need to:

• Re-anonymize the now-fixed Refinement Report

• Upload that anonymized Report xml as a new Artifact

• Create a new Job that includes the fixed Refinement Report Artifact and the Artifact(s) you used initially.

Note: This process may need to be done a few times to get the dataset accurate on the Preliminary CIDC.

Simple Generic Template

The Simple Generic Template can be found by clicking on Home, then the Learn More tile, then the Supplemental Files tile. Download the Template to an easily accessible folder.

The Template has four tabs:

• Instructions

• Device

• Software

• Validation

It is in the Device and Software tabs where you will add the data needed.

Once the Template is filled out with no validation errors, you must anonymize it using WCA, then upload it to Step 1 as a new Artifact.

43

Note: The Simple Generic Template determines a machine’s type through the ‘Model’ column. If a virtual model is listed in this column, the machine will be designated as ‘Virtual.’ If anything else is included in this column, the machine will be designated as ‘Physical.’ In the case where you leave the column blank, the machine is listed as ‘Unknown’ and will therefore be excluded from the CIDC.

Simple Generic Template (continued)

• Instructions tab: This page shows sample data of fields to be filled out on the Device and Software tabs, along with the fields that are mandatory and optional.

• Device tab: Following the Template requirements, fill out the required fields in the Device and Software tabs. Please make sure that computer names and domains match between device and software tabs to avoid duplications.

• Software tab: Same as above.

• Validation tab: This sheet will help find if there will be issues processing the file through the system. Any field improperly formatted on the Device and Software tabs will be shown under a red cell indicating the error with the input format value.

44

Note: Make sure to scroll to the right on the Validation tab to see columns not visible in main frame.

Job Checklist - Review

✓ Collect Data from WCA.

✓ Upload anonymized Artifact(s) to Step 1 as .XML or .XML.GZ.

✓ Create successful Job with Artifact(s).

✓ Review the Job for completeness using the four generated reports.

✓ Look for large sets of missing information that may indicate a need for additional data collection.

✓ Download and de-anonymize the Refinement Report.

✓ Refine all the areas that need attention in the Refinement Report.

✓ Save, anonymize and upload the Refinement Report as a new Artifact.

✓ Create a new successful Job with Refinement Report and initial Artifact(s).

✓ Review the Job for completeness using the three generated reports.

✓ Utilize Refinement Report, as above.

✓ Create a Simple Generic Template to add missing hardware and software records, as relevant.

✓ Anonymize and upload to Step 1 as a new Artifact.

✓ Create a new successful Job with new Refinement Report, Simple Generic Template and initial Artifact(s).

✓ Review CIDC. If accurate, de-anonymize CIDC.

✓ Encrypt CIDC using WCA Section 6. ‘Encrypt sensitive data.’

✓ CIDC is ready for WorkSpace Step 2+.

45

Encrypting Sensitive Data

Once the Preliminary CIDC Report has been restored and completed, it needs to be encrypted before uploading to the WorkSpace site. The WorkSpace site will reject any unencrypted CIDC Reports.

To encrypt the CIDC Report:

1. In WCA go to ‘6. Encrypt sensitive data.’ Upload the CIDC Report. Type in a password. Remember the password.

2. Click on ‘Encrypt File.’

3. Click on ‘Open Output Folder’ for the encrypted CIDC Report.

Once CIDC Report has been successfully encrypted, the file is ready for uploading to the WorkSpace site.

Note: WCA does not save passwords. If it is lost, the CIDC will have to be re-encrypted and resubmitted.

46

Support Resources

Online Documentation:

✓ WorkSpace – Step 1 & WCA: https://www.mswstep1.com/learn

✓ MAP: https://www.mswstep1.com/learn/MAP

Reach out to [email protected] for any questions regarding:

✓ WorkSpace Step1 & WCA

47

Appendix 1-5

REFER TO APPENDIX 1-5 FOR MORE INFORMATION ON HOW WORKSPACE-STEP 1 AND WORKSPACE COMPANION APP WORK

48

Appendix 1: Overview

Overview

The inventory processing service transforms hardware and software data points that have been collected from a variety of sources, into a consolidated report that details the Microsoft software present in the environment and the computer systems where it is installed. The data points are supplied as a set of one or more XML files known as Artifacts that are combined together in a Job that produces the inventory report.

49

Appendix 2: Artifacts and Jobs

Artifacts

Artifacts are data files that are produced by the WorkSpace Companion App (WCA) Connectors, PowerShell Collectors, or the Simple and Advanced Generic Templates. WCA contains WCA Connectors, PowerShell Collectors and Generic Templates for users to use to collect data from various data sources. WCA Connectors and PowerShell Collectors allow an IT professional to run a variety of scripts to collect data from multiple database and directory sources, while the Generic Templates allow users to manually input data. Each script produces a data file, formatted as XML, that can be inspected locally if desired before being uploaded as an Artifact to the WorkSpace - Step 1 web site.

Jobs

One or more Artifacts are submitted as a Job, which generates an inventory report. A Partner or Microsoft field representative does not need to combine all the uploaded Artifacts into a single report, but has the option to select a subset of available Artifacts and submit a Job that produces a report for that subset. The Job runs through the following phases:

◦ Establish the set of unique computers

◦ Establish Virtual Machine to Host relationships

◦ Establish which computers are in/out of scope

◦ Establish the target software inventory data

◦ Establish licensing information for installed software

◦ Generate the report

50

Appendix 3: Reference Catalog and Unique Set of Computers

Reference Catalog

The Job has access to a Reference Catalog that correlates software inventory with Microsoft license requirements. In the event that a Job encounters a piece of software inventory that cannot be correlated with the Reference Catalog, the Job continues and a preliminary report is generated that can be downloaded for review. A team of researchers maintains the Reference Catalog, and routinely updates it to accommodate newly discovered software. Once updated, the Job generates a final report and replaces the preliminary report on the WorkSpace - Step 1 web site.

Establish the unique set of computers

There are many scenarios where a specific computer system is referenced by multiple Artifacts, and in certain cases multiple times by the same Artifact. Additionally, different Artifacts can specify the same data points with different values (e.g. virtual host) and data points that tend to be specific to a certain type of Artifact (e.g. last logon time). To provide the optimal result, the Job synthesizes an inventory record for each computer system that factors in all the available information. Many factors are taken into consideration in establishing the unique set of machines and their properties, but in general the most recently discovered data points are the values reflected in the report.

51

Appendix 4: Virtual Machine to Host and In/Out of Scope Computers

Establish Virtual Machine to Host relationship

There are many ways to identify a virtual machine, either explicitly through querying a virtual machine management system or indirectly by inspecting the chassis, model or manufacturer of the machine. The corresponding hosts may have been identified as hosts or may have simply been identified as Windows Servers, or in some cases they may not have been discovered at all. Once the unique set of computers has been identified, it is necessary to rationalize the references between hosts and guests described above to ensure consistent reporting.

Establish which computers are in/out of scope

The Job examines the data points in each Artifact, and will only mark a computer as Out of Scope if both the following are true:

◦ The computer has been active in the past

◦ The computer has not been active in the 30 days prior to WCA creating the Artifact data file

This approach effectively excludes computers specified by old Active Directory records, but does not exclude computers where no activity information is known.
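The merge described in Appendix 3 and the scope rule above can be sketched together as follows. This is an added example, not the service's own logic: the record fields, the sample records (constructed), keying computers on domain plus name, and using the newest Artifact's creation date as the reference date are all assumptions.

```python
from datetime import date, timedelta

# Constructed records as they might arrive from three Artifacts.
# None means the source did not supply that data point.
RECORDS = [
    {"artifact": "ad.xml", "created": date(2017, 11, 1), "domain": "CORP",
     "computer": "FIN-SQL01", "last_activity": date(2017, 10, 28), "host": None},
    {"artifact": "ad.xml", "created": date(2017, 11, 1), "domain": "CORP",
     "computer": "OLD-WS-17", "last_activity": date(2017, 3, 2), "host": None},
    {"artifact": "vcenter.xml", "created": date(2017, 11, 10), "domain": "corp",
     "computer": "fin-sql01", "last_activity": None, "host": "ESX-B"},
    {"artifact": "vcenter.xml", "created": date(2017, 11, 10), "domain": "corp",
     "computer": "PRN-GW", "last_activity": None, "host": "ESX-B"},
    {"artifact": "sccm.xml", "created": date(2017, 11, 20), "domain": "corp",
     "computer": "FIN-SQL01", "last_activity": date(2017, 11, 18), "host": "ESX-A"},
]


def merge_records(records):
    """Synthesize one record per computer from all Artifacts.

    Records are applied oldest Artifact first, so a value supplied by a
    more recently created Artifact overrides an older one; a missing
    value (None) never overwrites a known one.
    """
    merged = {}
    for rec in sorted(records, key=lambda r: r["created"]):
        key = (rec["domain"].lower(), rec["computer"].lower())
        cur = merged.setdefault(
            key, {"last_activity": None, "host": None, "sources": []})
        cur["sources"].append(rec["artifact"])
        if rec["host"] is not None:
            cur["host"] = rec["host"]
        seen = rec["last_activity"]
        if seen is not None and (cur["last_activity"] is None
                                 or seen > cur["last_activity"]):
            cur["last_activity"] = seen
    return merged


def classify_scope(last_activity, reference_date, period_days=30):
    """Out of Scope only if activity is known AND older than the window."""
    if last_activity is None:
        return "In Scope"  # no activity information: not excluded
    cutoff = reference_date - timedelta(days=period_days)
    return "Out of Scope" if last_activity < cutoff else "In Scope"


def scope_report(records, reference_date=None, period_days=30):
    if reference_date is None:
        # Assumption: measure the window from the newest Artifact.
        reference_date = max(r["created"] for r in records)
    return {
        name: classify_scope(m["last_activity"], reference_date, period_days)
        for (_, name), m in merge_records(records).items()
    }


if __name__ == "__main__":
    for name, scope in sorted(scope_report(RECORDS).items()):
        print(f"{name:12} {scope}")
```

The stale Active Directory record is the only one excluded; the machine known only from vCenter stays in scope because nothing is known about its activity.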

52

Appendix 5: Software Inventory Data and Installed Software Licensing Information

Establish the target software inventory data

Once the set of computers that are considered In Scope has been determined, the Job identifies all the Microsoft software associated with each computer. This is primarily achieved by filtering on the publisher/vendor name of the software. Additionally, software associated with the computer operating system will be identified regardless of manufacturer.

Establish licensing information for installed software

The Job correlates all the software inventory data supplied by the Artifacts for each computer with the Reference Catalog. The Reference Catalog supplies a standardized name for display in reports and also allows software from the same license family to be ranked, and a winner determined, when installed on the same computer.

53