Summary: This post can be considered as your startpage for finding information in Office365 and Azure. As information can often be found in different ways and reports are scattered all over the different portals I found it useful to have a single page to start from when searching for specific information. .
Date: Around 2018
Refactor: 8 March 2025: Checked links and formatting.

Portal: https://portal.cloudappsecurity.com More information: Office 365 Cloud App Security

Cloud App Security provides insight in:

• Anomaly detection as mailbox forwarding, impossible travel distance and activities from countries that are not normal for your company
• Files that are shared inside and outside your company
• Consented information to Apps

Portal: https://portal.azure.com

Go to Azure Active Directory → Manage → Users → Change show to “Guest users only”

Go to Azure Active Directory → Security → Risk Events

Note that these (partly) match the risk events from Cloud App Security

Go to Azure Active Directory → Monitoring → Sign-ins/Audit Logs

Sign Ins: Provides an overview of logons to Azure AD including Federated Applications

Audit Logs: Provides auditing of Azure AD. The download provides detailed information. Provide the adminaccount UPN in the actor field to check for modified users and or applications. Filter on targets to check if a specified user has been modified.

• Go to Intune App Protection → monitor → App Protection Status
• Click on Top Protected Apps for either iOS or Android
• Set the platform to either iOS or Android, select the App (for example outlook) and set the status to unprotected

Portal: https://portal.office.com

Go to Users → Guest Accounts

• Go to Reports → Usage
• Click on the top button “Select a Report”
• Go to Office 365 → Groups Activity
• At the details section, click on the horizontal three stripes next to group name and select the required fields as Group Owner, Members, External members.

Note that you won't see the Office365 groups that are created through the Teams interface

• Go to Health → Service Health

The services statuses that are displayed can be retrieved by monitoring software:

• -1 Unknown
• 0 Service Operational
• 1 Investigating
• 2 False Positive
• 3 Service Interruption
• 4 Service Restoring
• 5 Service Degradation
• 6 Extended Recovery
• 7 Service Restored
• 8 PostIncident Report Published
• 9 Additional Information

Portal: https://outlook.office365.com/ecp/

• Go to Compliance Management → Auditing → Run a non-owner mailbox access report
• By default the “search for access by” option is set to Administrators. You can change this to “All non-owners” to also see delegate access
• Change the “search for access by” to external users to view the access of external accounts to mailboxes

• Go to Compliance Management → Auditing → Run the admin audit log report

This provides an overview of all changes to mail objects as mailboxes, distribution lists and policies

Portal: https://protection.office.com

• Go to Reports → Dashboard

This dashboard provides a summary of what is happening at the moment

• Go to alerts → View Alerts

This provides an overview of alerts that are being triggered by policies within the Security & Compliance Center:

• Alert Policies: Alerts → Alerts policies
• Data Loss Prevention: Data Loss Prevention → Policy

Go to Mail Flow → Message Trace

By entering a specific sender and receiver you can see how much email traffic is being generated for these addresses. By leaving one of the fields empty you can check how much mail is receiver or sent for one account.

Go to Search & Investigate → Audit Log Search

Need to find out if a user deleted a document or if an admin reset someone's password? Search the Office 365 audit log to find out what the users and admins in your organization have been doing. You'll be able to find activity related to email, groups, documents, permissions and directory services.

Portal: https://COMPANY-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx

Go to Sites → Active Sites

Portal: https://admin.teams.microsoft.com

• Go to Teams

You can immediately see the number of owners and external members. Select the team for more details.

Portal: https://app.powerbi.com/admin-portal/

Go to Settings → Manage Embed Codes

Portal: https://securescore.office.com/