The Microsoft 365 User Account Security Power BI report allows IT Administrators an easy to way to identify changes on their Microsoft 365 tenant that may indicate possible compromised activity.
The Power BI report pulls data from the Microsoft 365 User Account Data and Activity Dataset and shows a snapshot of differences between 2 selected dates. Information being shown includes
- Compromised third party accounts
- Login locations
- Bulk emails sent
- Granted and received mailbox permissions
- Granted full access permissions
- Added and delete devices
- Changes to account authentication policies
- Account inactivity
To use this Power BI Report, you will need to
- configure the Microsoft 365 User Account and Activity dataset
To start using this template, perform the following:
Find and click on the tile labelled Microsoft 365 Report - User Account Security (Dashboard) template from the list of templates within the library
Select a workspace from the dropdown, a compatible Dataset and then click on Launch
Note - If there are no compatible datasets there will be a link to create one.
Provide a name for the dashboard, and optionally, a description, then click on Continue. The dashboard will be made available within a few minutes!
The User Account Security Report shows the changes to the tenant between selected dates.
Changing the dates will update the contents of the report. The dashboard is constructed in such a way that allows the reader to identify quickly if action is required on the tenant. For example, a number in box Accounts Compromised would prompt immediate action to identify which account needs to be blocked.
Or a spike in failed logins would also be subject to further investigation
Further confirmation of activity can then be completed by reviewing the detailed information within the associated pages
Post a comment in this article and someone will get back to you as soon as possible