Blog Post

Microsoft Defender for Office 365 Blog
3 MIN READ

Improving the reporting experience in Microsoft Defender for Office 365

FaithEbenezerOquong's avatar
Sep 20, 2021

We place a high priority on our customers trust in Microsoft Defender for Office 365 and we know that to earn that trust, we need to take measures to make it seamless for SecOps professionals to assess the security of their Office 365 with a reporting tool that supports a data rich environment. Customizable filters and consistent reporting of email security details are essential in the cyber security space where malicious and credential phishing emails are the #1 attack vector used by bad actors.

 

That’s why we’re bringing you an improved reporting experience in Microsoft Defender for Office 365. These new reporting features and improvements will help refine SecOps professional’s workflows when assessing Office 365 security effectiveness. Some of those features and improvements include:

  • Retirement of outdated reports
  • Revamp of legacy data computation logic   
  • Addition of new filtering attribute
  • Data oriented email detail panel

 

New evolved reporting

After receiving feedback from our customers, we’ve decided to make the reporting experience easier by consolidating a few existing reports and adding new views to the threat protection status report and the Mail flow status report. As a result, we’re launching a new spam view in the threat protection status report. We've also updated the mail flow status report, which will make the report easier to visualize, and will be available later this month. Deprecated reports include the malware email detection report, the spam report, the safe attachment file types, and deposition report, the sent and received email report, and the URL trace report that previously lived in the exchange admin center. Below you’ll find screenshots of what some of the new views will look like.

 

 

Figure 1: Previous Funnel view

 

 

Figure 2: New "Sankey” view in Mailflow status report (coming soon)

 

 

Figure 3: New spam view in the threat protection status report 

 

 

Addition of new filtering attributes

In order for SecOps to focus the scope of their assessment with a lot more granularity, we are providing security professionals the ability to filter data by organization domain, policy type and name, priority account user tag, recipient address and email directionality (inbound and outbound).  Check out the screenshot highlighting the addition of this new filtering attribute below.

 

Figure 4: New filtering attributes in the Threat protection status report

 

 

Data oriented email detail panel

Earlier this year we launched the email entity page, which gives SecOps a 360-degree view of an email, putting all the relevant details in the hands of the analyst. We are now replacing the email details panel in the threat protection status report with a panel that provides the same in-depth view of each email, which will bolster SecOps confidence in their day-to-day assessment. You can view how much simpler the new details flyout is in the screenshot below.

 

Figure 5: Email summary in the threat protection status report 

 

 

Stay tuned!

We’re continuing to improve the reporting experience and workflow for security teams. A few improvements you can expect to see in the coming months include a greater than 90-day data retention period, and PowerBI and reporting API integration. We’re excited to offer this enhanced reporting experience for customers to better assess email security trends within their business over time.

 

Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum.

Updated Aug 04, 2022
Version 3.0
  • Silver_Falcon's avatar
    Silver_Falcon
    Copper Contributor

    Tech View of the Mail Flow status report was key for our reporting purpose. We would like to get the same data points in a report or by running a powershell command.. Pls advise.

  • Will be there some guidance how to look to new reports when we want find the data same as in old one? For example for the URL reports?

  • Craig Harris's avatar
    Craig Harris
    Brass Contributor

    looking forward to new and more accurate reporting in 365 soon, reporting seems to have recovered over the weekend again in multiple tenants

  • PJR_CDF's avatar
    PJR_CDF
    Iron Contributor

    Great to see these improvements.

     

    The reporting in MDO has always been a weak point and these improvements coupled with the future Power BI and API integrations look great!!!

  • Craig Harris's avatar
    Craig Harris
    Brass Contributor

    whatever happened in reporting last week behind the scenes seem to have severely broken reporting accuracy under Vulnerability management > Software Inventory > Windows 10 across multiple tenants at security.microsoft.com

     

    Seeing 0 exposed devices out of 100 installed devices where I know there are at least a couple needing reboots for this months patching doesn't look right - please fix asap!