MS Office 365 Reporting Tool

Having a functional Office 365 reporting tool is essential for all organisations. Systems are configured with an initial requirement of understanding. Over time changes are made, users are added and removed, technicians come and go. The longer a system is in operation, the more likely it is that your expectations of how it is configured and used differs from what is actually happening. The discrepancy between how you think things are configured vs how they are actually configured can come back with serious consequences if there is a misconfiguration that impacts security, or another issues which stops productivity.

CatchBefore offers an Office 365 reporting tool. The regular reports are specifically designed to minimise the risk of misunderstanding that can lead to serious consequences. The reports come with a simple easy to read executive cover-page, with further details and specifics in following pages. A simple report that is useful to both management and technical users.

Areas that should be reviewed on a regular basis:

  1. Your secure score. This is a security ranking given to you by Microsoft. You will also be given a maximum potential security score which will assist in understanding the level of protection you currently have. The higher the score, the better. Low scoring domains are at higher risk of being compromised.
  2. Your domains that are in use. It is not uncommon to see multiple domains attached to a tenancy. Make sure that the account contacts for the domains (including email) are correct, and access details secure. The renewal dates should be tracked to avoid unexpected interruptions. DNS accounts and access must also be kept secure.
  3. Key Tenancy information. This covers information such the registered organisation name, and the country in which your data is stored.
  4. Users summary. Only the required active users should be in the system, with old user accounts being archived and removed to keep the system tidy and avoid confusion. It is important to undertake a regular review to ensure that only required accounts are enabled.
  5. Multi-Factor Authentication (MFA) status. MFA is a fantastic security enhancement, but it must be enabled, enforced, and active (setup) for each user. Organisations may be under the impression that they have these steps covered, however a step may missed for some users, or you may have a new user added without MFA.
  6. Administrators list. It is important to understand which of your users have higher level of access. Roles and responsibilities often change within organisations, and it is important that administrative access is only granted to those users that need it.
  7. Administrator accounts with licenses attached. Administrator accounts should be dedicated to administrative tasks and not be used for day-to-day activities. A license attached to an Administrative account is a hint that it might be being used for day-to-day actives. This should be discouraged, as it is a security risk.
  8. Conditional access policies. Limiting access to only the locations required is an excellent way to improve security. This can be done at multiple levels (including restricting access to only specific countries). If you have no conditional access policies, then your tenancy is open to being accessed from anywhere in the world.
  9. Account quota status. Having an understanding of how much of your space allocation used is critical for capacity planning, and stopping a potential interruption to service if limits are hit. If space is running low, licenses may need to be upgraded or data archived to make space.
  10. Account activity information. Are you and all your users utilising the full range of software that has been made available? The account activity information covers important information, including the last date that users have been accessing email, OneDrive, and SharePoint.
  11. Log-in summaries. Successful authentications should be reviewed (by username, IP address and country). This is important to ensure that the logins are as expected, and not from a location that was not recognised.
  12. Microsoft 365 Alerts that require attention. Microsoft provides detailed Alert information. These should be checked, and actioned as required. Failure to take action on alerts may result in preventable service interruptions.
  13. Compromised user accounts. Users will often create external accounts, using their email address as the username. If one of these external accounts is involved in a data-breach, the password used on this service may be compromised. It is important that users understand where their details have been exposed, and if a password reset is advisable.

The regular reporting provided by CatchBefore gives you the insights to your tenancy that you may otherwise overlook. Don’t be caught off guard with an avoidable surprise. Contact our team for more information on how we can put you on the front foot.