Microsoft 365 provides user account information across a variety of subsystems including Office 365, Azure AD and Exchange Online. To get a snapshot of settings and permissions on user accounts that may potentially pose a security risk requires hours of manual work.
By using the Voleer Microsoft 365 User Account Security Assessment, user account information can be extracted on an adhoc basis or scheduled to run periodically for review by security information workers to prevent unauthorized access and malicious activity to your Microsoft 365 tenant.
This template will retrieve data across Microsoft 365 and third-party security provider HaveIBeenPwned to generate a report detailing information including
Identifying potentially compromised accounts and suspicious login activity
Mailbox permissions and settings that may pose a security threat
Providing an overview of authentication methods and active vs inactive users
Read article User Account Security Assessment for more information.
To use this report, you will need to
- configure the User Account Data and Activity dataset
To start using this template, perform the following:
Find and click on the tile labelled Microsoft 365 Report - User Account Security (Excel) template from the list of templates within the library
Select a workspace from the dropdown, a compatible Dataset and then click on Launch
Note - If there are no compatible datasets there will be a link to create one.
Configure the template options, then click on Validate Template Configuration
Note - Section 2: Accounts, Option 3: Filter using SQL query string allows advanced selection of user accounts based on fields and operators.
For example, using the string JobTitle = ‘%Sales%’ will include all users with the word Sales in their job title.
Multiple of operators can be combined with AND and OR statements to further refine the records being included. For example, JobTitle = ‘%Sales%’ AND Country = ‘United States’ will include users with the word Sales in their job title who are located in the United States.
The dataset can be filtered via the following fields:
Provide a valid email address for notifications, then click on Validate Template Configuration
Validate the details of the configuration and then click on Execute. Note - if the configuration is incorrect, cancel the run and start a new instance
Once completed, you will receive an email with a copy of the report (if configured). Clicking on the details of the run link will bring you back into Voleer, allowing you to save the template configuration and schedule the template as a recurring job
Post a comment in this article and someone will get back to you as soon as possible