The Microsoft 365 Targeted Security Report allows IT Administrators the ability to view security related activities and settings for a chosen account to confirm malicious activity and assist with identifying the scope of attack. This report should be used in supplement to the Microsoft 365 Targeted Security Notifications, whereby a user will flag identify suspicious activity to the IT Team for further investigation.
The report pulls data from the Microsoft 365 User Account Data and Activity Dataset and shows a snapshot of differences for a selected account between 2 selected dates. Information being shown includes
- Compromised third party accounts
- Login locations
- Bulk emails sent
- Granted and received mailbox permissions
- Granted full access permissions
- Added and delete devices
- Changes to account authentication policies
To use this report, you will need to
- configure the Microsoft 365 User Account and Activity dataset
To start using this template, perform the following:
Find and click on the tile labelled Microsoft 365 Report - User Account Security (Dashboard) template from the list of templates within the library
Select a workspace from the dropdown, a compatible Dataset and then click on Launch
Note - If there are no compatible datasets there will be a link to create one.
Provide a name for the dashboard, and optionally, a description, then click on Continue. The dashboard will be made available within a few minutes!
The Targeted Security Report shows the changes to the tenant for a selected tenant between selected dates.
Changing the User Principal Name and dates will update the contents of the report. Select a date range to narrow down the list of changes on the account to help identify suspicious activity.
Post a comment in this article and someone will get back to you as soon as possible