Microsoft have finally added improved reporting to the Defender for Identity capabilities, with the implementation of four new reports.
To access, go to the Microsoft 365 Defender console (https://security.microsoft.com) > Settings > Identity > Report Management.
You'll be presented with;
Summary
Modifications to sensitive groups
Password exposed in clear text
Lateral movement paths to sensitive accounts
All of which can be manually downloaded for a specific time period or set to run at scheduled times (daily, weekly or monthly).
If scheduling, you can specify mailbox recipients accordingly.
Who would benefit from these reports?
Well it probably depends on your environment, but have a chat with your SecOps & Compliance Teams as they'd probably love to see this sort of data for their monthly reporting.
Comments