--- Sjoerd Hooft's InFormation Technology ---

Office365 and Azure Top Reports

This page can be considered your start page for finding information in Office365 and Azure. Because information can often be found in different ways and reports are scattered across the different portals, I found it useful to have a single page to start from when searching for specific information.

Cloud App Security

Portal: https://portal.cloudappsecurity.com

More information: Cloud App Security

Cloud App Security provides insight into:

  • Anomaly detection, such as mailbox forwarding, impossible travel distance and activities from countries that are not normal for your company
  • Files that are shared inside and outside your company
  • Consented information to Apps

Azure Portal

Overview Guest Accounts

Go to Azure Active Directory → Manage → Users → Change show to “Guest users only”

Risk Events

Go to Azure Active Directory → Security → Risk Events

Note that these (partly) match the risk events from Cloud App Security

User Sign-Ins / Audit Logs / Logs

Go to Azure Active Directory → Monitoring → Sign-ins/Audit Logs

Sign Ins: Provides an overview of logons to Azure AD including Federated Applications


Audit Logs: Provides auditing of Azure AD. The download provides detailed information. Enter the admin account UPN in the actor field to check for modified users and/or applications. Filter on targets to check whether a specific user has been modified.

Intune App Protection - Users without Policy

  • Go to Intune App Protection → monitor → App Protection Status
  • Click on Top Protected Apps for either iOS or Android
  • Set the platform to either iOS or Android, select the app (for example Outlook) and set the status to unprotected

Office365 Admin Portal

Overview Guest Accounts

Go to Users → Guest Accounts

Overview Office 365 Groups - Owners - Activity - Members

  • Go to Reports → Usage
  • Click on the top button “Select a Report”
  • Go to Office 365 → Groups Activity
  • In the details section, click on the three horizontal stripes next to the group name and select the required fields, such as Group Owner, Members and External members.
Note that you won't see the Office365 groups that are created through the Teams interface

Service Health

  • Go to Health → Service Health

The service statuses that are displayed can be retrieved by monitoring software:

  • -1 Unknown
  • 0 Service Operational
  • 1 Investigating
  • 2 False Positive
  • 3 Service Interruption
  • 4 Service Restoring
  • 5 Service Degradation
  • 6 Extended Recovery
  • 7 Service Restored
  • 8 PostIncident Report Published
  • 9 Additional Information

Exchange Admin Center

Mailbox Access by Admins and Externals

  • Go to Compliance Management → Auditing → Run a non-owner mailbox access report
  • By default the “search for access by” option is set to Administrators. You can change this to “All non-owners” to also see delegate access
  • Change the “search for access by” to external users to view the access of external accounts to mailboxes

Mailbox Configuration Changes

  • Go to Compliance Management → Auditing → Run the admin audit log report
This provides an overview of all changes to mail objects such as mailboxes, distribution lists and policies

Security & Compliance Center

Insight Dashboard

  • Go to Reports → Dashboard
This dashboard provides a summary of what is happening at the moment

Alerts

  • Go to Alerts → View Alerts

This provides an overview of alerts that are being triggered by policies within the Security & Compliance Center:

  • Alert Policies: Alerts → Alerts policies
  • Data Loss Prevention: Data Loss Prevention → Policy

Mail Flow Message Trace

Go to Mail Flow → Message Trace

By entering a specific sender and receiver you can see how much email traffic is being generated for these addresses. By leaving one of the fields empty you can check how much mail is received or sent for one account.

Go to Search & Investigate → Audit Log Search

Need to find out if a user deleted a document or if an admin reset someone's password? Search the Office 365 audit log to find out what the users and admins in your organization have been doing. You'll be able to find activity related to email, groups, documents, permissions and directory services.

SharePoint Admin Center

Overview sites - owners - url - hub site association

Go to Sites → Active Sites

Teams & Skype for Business Admin Portal

Overview Teams - External Access - Owners

  • Go to Teams
You can immediately see the number of owners and external members. Select the team for more details.

Power BI Admin Portal

View Web Published Content

Go to Settings → Manage Embed Codes

SecureScore

Resources

o365topreports.txt · Last modified: 2021/09/24 00:25 (external edit)