Overview

The Microsoft 365 User Account Security Power BI report allows IT Administrators an easy to way to identify changes on their Microsoft 365 tenant that may indicate possible compromised activity.

image1536×838 206 KB

How it works

The Power BI report pulls data from the Microsoft 365 User Account Data and Activity Dataset and shows a snapshot of differences between 2 selected dates. Information being shown includes

• Compromised third party accounts
• Login locations
• Bulk emails sent
• Granted and received mailbox permissions
• Granted full access permissions
• Added and delete devices
• Changes to account authentication policies
• Account inactivity

Requirements

To use this Power BI Report, you will need to

• configure the Microsoft 365 User Account and Activity dataset
• download and install Power BI Desktop
• download the User Account Security Power BI Report file
• connect the Microsoft 365 User Account and Activity dataset to the User Account Security Power BI report

Connecting the dataset to the Power BI report

1. Sign into Voleer and navigate to Workspaces, select the workspace that contains the Microsoft 365 User Account and Activity dataset, then Datasets, the select the name of the dataset
   
   

   image1096×323 22.4 KB
2. Click on Get Connection String
   
   

   image891×182 14 KB
3. Click on the Copy button
   
4. Open up a text editor and paste the clipboard contents. The strings to note are Data Source, Initial Catalog, User ID, and Password
   
5. Download and Open the User Account Security Power BI file
6. Along the navigation bar, click on Transform data > Data source settings
   
7. Click on Change Source…
   
8. In the Server box, type in the Data Source value from step 4 (i.e. the text after the ‘=’ character and before the ‘;’ character)
9. In the Database box, type in the Initial Catalog value. Click on OK
   
10. Click on Edit Permissions…, then Edit
    
    

    image412×546 49.6 KB
11. Click on Database, then enter in the User ID and password for the boxes User name and password. Click Save.
    
12. Close all open dialogs by click on Ok then Close
13. Click on Apply Changes
    
14. Wait for Power BI to process all data from your dataset

User Account Security Report - Quick start

The User Account Security Report shows the changes to the tenant between selected dates.

Changing the dates will update the contents of the report. The dashboard is constructed in such a way that allows the reader to identify quickly if action is required on the tenant. For example, a number in box Accounts Compromised would prompt immediate action to identify which account needs to be blocked.

image1112×163 61.3 KB

Or a spike in failed logins would also be subject to further investigation

Further confirmation of activity can then be completed by reviewing the detailed information within the associated pages