Dear All,

I have a client who have a requirements of detailed reports inquiry in all of their Office managed services and Azure Infrastructure. 

We would like to know if Azure Sentinel can fill these requirements, I am going to detail some of these requirements but the list is longer than this. 

If Sentinel can't do this on its own, Can you please suggest me to anything that can be integrated with Sentinel in order to properly finalize these requirements as needed? 

Below are the details

A company is using Office 365 with Federated Identities (Azure AD Connect +
ADFS) having a single UPN suffix @company.com for all company and downstream company
users. Office 365 tenant name: company.onmicrosoft.com.

Azure AD SSPR is in place with password write-back capability and applied to all users. All mailboxes are hosted in Office 365 only, and NO on-prem mailboxes exists. HCW was never run in this setup, so hybrid Exchange doesn’t exist.

Only an Exchange 2016 on-premises server was installed recently to manage remote Office 365 mailboxes in a supported way, due to the change in objects source of authority after Azure AD Connect introduction.

Skype for Business hybrid doesn’t exists. Hence, all users are only using Skype for Business Online as the UC system in this Office 365 setup. Office 365 Groups, Teams, Yammer & Planner will soon be
introduced corporate wide.

All company users are using and expected to use E5 Enterprise Non-Conferencing PSTN and E5 EM+S licenses.

High Level Requirement:

The Company is looking for a cost effective and secure SaaS based cloud solution that can
provide historical and real-time reports about Office 365 applications usage, trends, data,
optimization and traffic. The provided solution must have unlimited storage and
indefinite reports retention period, as opposed to 180-day limit in current Office 365
subscription, and provide additional support in combining two or more reports in case a
particular report is not available for all of the following report types.

Office 365 General Reports:

a. Provides view and reports about Office 365 Service Status & Maintenance Events.
b. Licenses and Subscriptions view and reports
c. Provide reports to monitor adoption of services or identify where a user is licensed
for a service they’re not using
d. Provides view and reports about full visibility of Office 365 license types with full
breakdown of license by user and license by service.
e. Interactive chart of current subscriptions, including when they were first purchased
f. Trend line of the various licenses showing usage growth and also some daily details
g. Pie charts showing licenses by service type within the tenant.
h. Complete list of all users and what licenses they have applied to them

i. List of users who do not have any Office 365 license applied to them and since
when
j. Chart of types of Office 365 ProPlus activation and a table for activation
k. Provides historical and real-time full inventory of all Office 365 applications,
services, configurations and usage
l. Provide reports to identify users or groups with low service usage, and use this
information to develop targeted training and resources
m. Provide reports that help with capacity planning with a full breakdown of Office
n. 365 license subscriptions by user, by service, as well as tracking usage over time
o. Provides view and reports about who has administrative rights to Company’s Office
365 environment to identify if there are users who have the wrong or obsolete
access.