= Office365 and Azure Top Reports = **Summary**: This post can be considered as your startpage for finding information in Office365 and Azure. As information can often be found in different ways and reports are scattered all over the different portals I found it useful to have a single page to start from when searching for specific information. . \\ **Date**: Around 2018 \\ **Refactor**: 8 March 2025: Checked links and formatting. \\ {{tag>o365 azure}} = Cloud App Security = Portal: https://portal.cloudappsecurity.com More information: [[o365cloudappsecurity]] Cloud App Security provides insight in: * Anomaly detection as mailbox forwarding, impossible travel distance and activities from countries that are not normal for your company * Files that are shared inside and outside your company * Consented information to Apps = Azure Portal = Portal: https://portal.azure.com == Overview Guest Accounts == Go to Azure Active Directory -> Manage -> Users -> Change show to "Guest users only" == Risk Events == Go to Azure Active Directory → Security → Risk Events > Note that these (partly) match the risk events from Cloud App Security == User Sign-Ins / Audit Logs / Logs == Go to Azure Active Directory → Monitoring → Sign-ins/Audit Logs > Sign Ins: Provides an overview of logons to Azure AD including Federated Applications > Audit Logs: Provides auditing of Azure AD. The download provides detailed information. Provide the adminaccount UPN in the actor field to check for modified users and or applications. Filter on targets to check if a specified user has been modified. == Intune App Protection - Users without Policy == * Go to Intune App Protection → monitor → App Protection Status * Click on Top Protected Apps for either iOS or Android * Set the platform to either iOS or Android, select the App (for example outlook) and set the status to unprotected = Office365 Admin Portal = Portal: https://portal.office.com == Overview Guest Accounts == Go to Users -> Guest Accounts == Overview Office 365 Groups - Owners - Activity - Members == * Go to Reports -> Usage * Click on the top button "Select a Report" * Go to Office 365 -> Groups Activity * At the details section, click on the horizontal three stripes next to group name and select the required fields as Group Owner, Members, External members. > Note that you won't see the Office365 groups that are created through the Teams interface == Service Health == * Go to Health -> Service Health The services statuses that are displayed can be retrieved by monitoring software: * -1 Unknown * 0 Service Operational * 1 Investigating * 2 False Positive * 3 Service Interruption * 4 Service Restoring * 5 Service Degradation * 6 Extended Recovery * 7 Service Restored * 8 PostIncident Report Published * 9 Additional Information = Exchange Admin Center = Portal: https://outlook.office365.com/ecp/ == Mailbox Access by Admins and Externals == * Go to Compliance Management → Auditing → Run a non-owner mailbox access report * By default the "search for access by" option is set to Administrators. You can change this to "All non-owners" to also see delegate access * Change the "search for access by" to external users to view the access of external accounts to mailboxes == Mailbox Configuration Changes == * Go to Compliance Management → Auditing → Run the admin audit log report > This provides an overview of all changes to mail objects as mailboxes, distribution lists and policies = Security & Compliance Center = Portal: https://protection.office.com == Insight Dashboard == * Go to Reports -> Dashboard > This dashboard provides a summary of what is happening at the moment == Alerts == * Go to alerts -> View Alerts This provides an overview of alerts that are being triggered by policies within the Security & Compliance Center: * Alert Policies: Alerts → Alerts policies * Data Loss Prevention: Data Loss Prevention → Policy == Mail Flow Message Trace == Go to Mail Flow -> Message Trace > By entering a specific sender and receiver you can see how much email traffic is being generated for these addresses. By leaving one of the fields empty you can check how much mail is receiver or sent for one account. == Audit Log Search == Go to Search & Investigate -> Audit Log Search > Need to find out if a user deleted a document or if an admin reset someone's password? Search the Office 365 audit log to find out what the users and admins in your organization have been doing. You'll be able to find activity related to email, groups, documents, permissions and directory services. = SharePoint Admin Center = Portal: https://COMPANY-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx == Overview sites - owners - url - hub site association == Go to Sites -> Active Sites = Teams & Skype for Business Admin Portal = Portal: https://admin.teams.microsoft.com == Overview Teams - External Access - Owners == * Go to Teams > You can immediately see the number of owners and external members. Select the team for more details. = PowerBi Admin Portal = Portal: https://app.powerbi.com/admin-portal/ == View Web Published Content == Go to Settings -> Manage Embed Codes = SecureScore = Portal: https://securescore.office.com/