Microsoft 365 Report - User Account Security (Excel)


Microsoft 365 provides user account information across a variety of subsystems including Office 365, Azure AD and Exchange Online. To get a snapshot of settings and permissions on user accounts that may potentially pose a security risk requires hours of manual work.

By using the Voleer Microsoft 365 User Account Security Assessment, user account information can be extracted on an adhoc basis or scheduled to run periodically for review by security information workers to prevent unauthorized access and malicious activity to your Microsoft 365 tenant.

How it works

This template will retrieve data across Microsoft 365 and third-party security provider HaveIBeenPwned to generate a report detailing information including

  • Identifying potentially compromised accounts and suspicious login activity

  • Mailbox permissions and settings that may pose a security threat

  • Providing an overview of authentication methods and active vs inactive users

Read article User Account Security Assessment for more information.


To use this report, you will need to

Getting started

To start using this template, perform the following:

  1. Sign in to your Voleer account or sign up for a new account

  2. Find and click on the tile labelled Microsoft 365 Report - User Account Security (Excel) template from the list of templates within the library

  3. Select a workspace from the dropdown, a compatible Dataset and then click on Launch
    Note - If there are no compatible datasets there will be a link to create one.

  4. Configure the template options, then click on Validate Template Configuration

    Note - Section 2: Accounts, Option 3: Filter using SQL query string allows advanced selection of user accounts based on fields and operators.
    For example, using the string JobTitle = ‘%Sales%’ will include all users with the word Sales in their job title.
    Multiple of operators can be combined with AND and OR statements to further refine the records being included. For example, JobTitle = ‘%Sales%’ AND Country = ‘United States’ will include users with the word Sales in their job title who are located in the United States.
    The dataset can be filtered via the following fields:

  • UserPrincipalName
  • DisplayName
  • JobTitle
  • MobilePhone
  • PostalCode
  • Department
  • Country
  • City
  • State
  1. Provide a valid email address for notifications, then click on Validate Template Configuration

  2. Validate the details of the configuration and then click on Execute. Note - if the configuration is incorrect, cancel the run and start a new instance

  3. Once completed, you will receive an email with a copy of the report (if configured). Clicking on the details of the run link will bring you back into Voleer, allowing you to save the template configuration and schedule the template as a recurring job


Have an issue?

Post a comment in this article and someone will get back to you as soon as possible