Overview
The Microsoft 365 Targeted Security Report allows IT Administrators the ability to view security related activities and settings for a chosen account to confirm malicious activity and assist with identifying the scope of attack. This report should be used in supplement to the Microsoft 365 Targeted Security Notifications, whereby a user will flag identify suspicious activity to the IT Team for further investigation.
How it works
The report pulls data from the Microsoft 365 User Account Data and Activity Dataset and shows a snapshot of differences for a selected account between 2 selected dates. Information being shown includes
- Compromised third party accounts
- Login locations
- Bulk emails sent
- Granted and received mailbox permissions
- Granted full access permissions
- Added and delete devices
- Changes to account authentication policies
Requirements
To use this report, you will need to
- configure the Microsoft 365 User Account and Activity dataset
Getting started
To start using this template, perform the following:
-
Find and click on the tile labelled Microsoft 365 Report - User Account Security (Dashboard) template from the list of templates within the library
-
Select a workspace from the dropdown, a compatible Dataset and then click on Launch
Note - If there are no compatible datasets there will be a link to create one.
-
Provide a name for the dashboard, and optionally, a description, then click on Continue. The dashboard will be made available within a few minutes!
Targeted Security Report - Quick start
The Targeted Security Report shows the changes to the tenant for a selected tenant between selected dates.
Changing the User Principal Name and dates will update the contents of the report. Select a date range to narrow down the list of changes on the account to help identify suspicious activity.
Have an issue?
Post a comment in this article and someone will get back to you as soon as possible