Analyze Reports in Office 365

Auditing Reports

 

There are severalauditing reports available in the Reports menu of the Office 365 admin center.These reports can be found in the overview section under auditing.

 

Mailbox Access by Non-Owners Report

 

This report returnsa list of mailboxes that have been accessed by someone other than the owner ofthe mailbox. The audit log that report is generated from logs information suchas the person accessing the mailbox, when they accessed it, what actions theyperformed, and whether their actions where successful or not.

 

To run the MailboxAccess by Non-owners report:

 

1. In the Office 365 admin center, in the left menu, click reports.
2. At the bottom of the overview page, under auditing, click mailbox access by non-owners.
3.  In the Start date boxes, specify a start date for the report.
4. In the End date boxes specify an end date for the report.
5. Then do one of the following:
   • Click select mailboxes and select which mailboxes to search.
   • Leave the field blank to search all mailboxes.
6. Under Search for access by, click the drop-down list and select one of these options:
   • All non-owners
   • External users
   • Administrators and delegated users
   • Administrators
7. Click search.
8. The results are returned in the Search results window.

 

Role Group Changes Report

 

Thisreport returns a list of all the changes made to the Office 365 role groups byadministrators in your organization.The audit log that this report is generated from logs information about whomade the change, when they didit, and what the change was.

 

To runthe Role Group Changes report:

 

1.  In the Office 365 admin center, in the left menu, click reports.
2. At the bottom of the page, under auditing, click role group changes.
3. In the Start date boxes, specify a start date for the report.
4. In the End date boxes specify an end date for the report.
5. Then do one of the following:
   • Click select role groups and select the role groups to search.
   • Leave the field blank to search all role groups.
6. Click search.
7. The results are returned in the window at the bottom of the page.

 

Mailbox Content Search and Hold Report

 

Thisreport returns a list of all the mailboxes that have been put on, or removedfrom In-Place Hold or In- PlaceeDiscovery using the In-Place eDiscovery and Hold feature. The audit log thatthis report is generated fromlogs information about who put the mailbox on hold, and when they did it.

 

To runthe Mailbox Content Search and Hold report:

 

1. In the Office 365 admin center, in the left menu, click reports.
2. At the bottom of the page, under auditing, click mailbox content search and hold.
3. In the Start date boxes, specify a start date for the report.
4. In the End date boxes specify an end date for the report.
5. Click search.
6. The results are returned in the Search results window.

 

 

Mailbox Litigation Holds Report

 

Thisreport returns a list of all changes made to per-mailbox litigation holds. Theaudit log that this report isgenerated from logs information about who enabled or disabled litigation holdon a mailbox, and when they didit.

 

To runthe Mailbox Litigation Holds report:

 

1. In the Office 365 admin center, in the left menu, click reports.
2. At the bottom of the page, under auditing, click mailbox litigation holds.
3. In the Start date boxes, specify a start date for the report.
4. In the End date boxes specify an end date for the report.
5. Then do one of the following:
   • Click select users and select which users’ mailboxes to search.
   • Leave the field blank to search all users’ mailboxes.
6. Click search.
7. The results are returned in the Search results window.

 

Note: For all of these auditing reports you can click the 7 (printer) icon to print the resulting reports.

 

Mail and Protection Reports

 

Thereports menu of the Office 365 admin center provides access to several mail and protection reports.

 

Mail Reports

 

Thereare several mail-related reports available under the mail section of the reports menu in the Office 365 admin center, including:

 

• Active and inactive mailboxes. This report shows the number of active and inactive mailboxes over a period of time. A mailbox is considered inactive if a user has not accessed it for more than 30 days.
• New and deleted mailboxes. This report shows the number of active, new, and deleted mailboxes.
• New and deleted groups. This report shows the number of groups created and deleted.
• Mailbox usage. This report shows the total number of mailboxes, inactive mailboxes, mailboxes which have exceeded their storage quota, and mailboxes which are currently using less than a quarter of their storage quota.
• Types of mailbox connections. This report shows the number of mailbox connections made over time, which are then grouped by connection type, such as POP3, IMAP, and OWA.

 

Allthese reports are displayed as charts and provide a link to view each chart asa table instead. Some of themhave clickable links which display the information on a daily, weekly, monthly,or yearly basis.

 

Protection Reports

 

Thereare several protection-related reports available under the protection sectionof the reports menu in theOffice 365 admin center, including:

• Received mail. This report shows mail that has been received, grouped by type of traffic, such as good mail, spam, malware, transport rules, and DLP policy. It also displays a list of top mail recipients, showing the recipient’s email address and count of emails received.
• Sent mail. This report shows mail that has been sent, grouped by type of traffic, such as good mail, spam, malware, transport rules, and DLP policy. It also displays a list of top mail senders, showing the sender’s email address and count of emails sent.
• Received spam. This report shows what spam has been detected, grouped by spam filtering type, such as SMTP blocked, IP blocked, and Content filtered. It also displays a list of top spam recipients, showing each recipient’s email address and count of spam emails received.
• Malware detection in received mail. This report shows the number of malware detections in received mail, before the malware action was applied. It also displays a list of top malware recipients, showing each recipient’s email address and count of malware received.
• Malware detection in sent mail. This report shows the number of malware detections in sent mail, before the malware action was applied.
• Top malware. This report shows a list of the most frequently-detected malware. Sent spam. This report shows sent mail that is suspected of being spam, grouped by filtering type, such as SMTP blocked, and content filtered.

 

Allof these reports are displayed as charts and provide a link to view each chartas a table instead. They alsoall have clickable links to enable the chart to display the information over seven-day, 14-day, 30-day, or 60-day periods

 

Mail Protection Reports for Office 365

 

Onthe reports page of the Office 365 admin center, under download your reports, there is a Mail protection reports (Excel) link whichenables administrators todownload mail protection reports for Office 365. The link opens a webpage on the Microsoft Download Center, where you can download the Microsoft Office 365 ExcelPlugin for Exchange OnlineReporting. The download is packagedas an MSI file, and there are 32-bit and 64-bit versions that can be downloaded.

 

Thedownload installs an Excel 2013 reporting workbook which provides a comprehensive view of the email protection information that isalso available in the reports menu of the Office 365 admin center.

 

Todownload and install the workbook:

 

1. Navigate to http://www.microsoft.com/en-us/download/details.aspx?id=30716.
2. Click Download.
3. Select the check box for the version you want to download.
4. Click Next.
5. Save the file to a location of your choice.
6. Browse to the location where you saved the MSI file and double-click it.
7. On the welcome page, click Next.
8. Select the I accept the terms in the License Agreement check box, and click Next.
9. Select one of the following:
   • Microsoft Exchange Online
   • Microsoft Exchange Online Protection
10. Click Next.
11. On the prerequisites page, click Next.
12. Click Install.
13. Click OK.
14. Click Finish.

 

To usethe Mail Protection Reports workbook for Office 365:

 

1. On the desktop, double-click the Mail Protection Reports for Office 365 shortcut.
2.  On the Microsoft Office Customization Installer page, click Install.
3. Select one of the worksheet tabs in the workbook and click the Query button in the worksheet.
4. Enter your Office 365 credentials and click Login.
5. In the Query dialog box, select a time interval and click OK.
6. On the Progress page, when it completes, click OK.

 

Theworkbook contains summary graphs for various types of email message filteringand includes information aboutmessages that have been identified as either good mail, spam, or malware. Italso displays graphs formessages that were identified by either a transport rule or Data LossPrevention (DLP) policy.

 

Youcan also employ data slicers in Excel 2013 to perform deeper analysis of thedata. If you notice specifictrends or unusual activities in the data, you can drill down further into the report by running queries on the other detailed tabs in theworkbook and viewing more detailed information about the messages themselves.