Sign up for Office 365
Learn more about Office 365
Audience: Office 365 Enterprise admins
Written by: Sanjeev Garg, Office 365 Senior Program Manager
Originally published to the Office 365 Preview blog.
As the administrator for the Office 365 service for your company, did you ever want to find out, how your users are using the services? How many users are active on email? Are there specific users who are receiving more malware than others?
You'll be able to answer these questions and more as we introduce you to the new reports we added in the next release of Office 365.
If you have not already done so, sign up for an Office 365 Consumer Preview for Enterprise account. When you login into the Office 365 Preview admin center, you’ll see reports in the left navigation menu.
When you click reports, you’ll see the overview page, which lists the available reports.. They’re grouped into categories. Each category contains a set of reports related to that specific area of Office 365. Click on a category to see a dashboard page or select any individual report.
There is a report dashboard for each category of reports. Here’s a picture of the Protection dashboard.
Each dashboard has the following sections:
The main chart is one of the most important charts in the category. You can interact with the main chart using the filters provided on the page. You can also use the time duration links below the main chart to view the report for different periods.
The related table is related to the main chart. In the picture above, the main chart (filtered inbound mail) shows the summary of the amount of email coming in, the related table (top recipients) shows the top 5 users receiving those emails. This helps you do a quick cause and effect analysis if you notice something unusual on the main chart. Related tables are provided only for those main charts that might require this additional insight.
Related charts are related to the category you have selected. These charts show a trend for the metric they are tracking. If you notice something unusual in the related chart, just click on it to swap its position with the main chart. Then you can look at a larger view of the chart and interact with it using the chart controls provided. It might also have its own related table, which you can use to get additional information.
These are additional reports related to the category you have selected. Click on the report title to see a detailed report view.
Here’s how to answer some common administration questions using the reporting dashboard.
Are your users actively using email?
We consider a mailbox active if a user has logged in at least once in the last 30 days. To view if your users are actively using email, go to the mail dashboard and view the mailbox login activity report. This report shows you the number of active users and the number of inactive users at different levels of inactivity.
How much spam is your company receiving? Which users receive the most spam?
Most spam never reaches your users' mailboxes, but let’s say you want to find out how much spam has been filtered out by Exchange Online Protection in the last 60 days.
To answer this question, go to the protection dashboard, and review the filtered inbound mail report. Change the duration of the report to 60 days using the 60d link below the chart. Now look at the spam series. Do you see something unusual?
To view the spam in more detail, click on the inbound spam filtered report in the right column. This report will give you the different ways the spam is filtered. In the table below the chart you can see the top 5 users who are receiving the spam.
Here’s a complete list and description of the reports available for each category.
These reports are about your mailboxes. This category includes the following reports:
Shows the number of active and inactive mailboxes. A mailbox is considered active if a user has accessed it at least once in the last 30 days. Inactive mailboxes are grouped by the number of days since the mailbox has been accessed.
Shows the number of active mailboxes, and the number of mailboxes created and deleted. A mailbox is considered active if a user has accessed it at least once in the last 30 days.
Shows the number of groups created and deleted.
These reports focus on how the Exchange Online Protection is protecting your users from all the bad stuff out there. You can also use these reports to fine tune your configurations for Exchange Online Protection. This category includes the following reports.
Shows inbound mail traffic, based on how the mail is filtered, such as spam, virus, and transport rules.
Shows a list of the mail recipients who have had the most mail delivered to them.
Shows outbound mail traffic, based on how the mail is filtered, such as spam, virus, and transport rules.
Shows a list of the mail senders who have sent the most mail.
Shows what spam was detected, sorted by spam filtering type.
Shows a list of the mail recipients who have received the most inbound spam.
Shows the inbound malware detections, grouped by action.
Shows a list of the recipients of the most inbound malware.
Shows a list of the most frequently detected malware.
Shows the outbound malware detections, grouped by action.
Shows outbound suspicious detections by spam filtering type.
Transport rules allow you to apply messaging policies to messages in the transport pipeline. Actions such as redirecting a message or adding recipients, rights-protecting messages, and rejecting or silently deleting a message can be taken on messages that match conditions you specify. The following reports show you the summary of the transport rules detected in the inbound and outbound email in your company.
Shows the transport rules detected in inbound mail, grouped by severity.
Shows a list of the transport rules detected most often in inbound mail.
Shows the transport rules detected in outbound mail, grouped by severity.
Shows a list of the transport rules detected most often in outbound mail.
DLP is an abbreviation for Data Loss Prevention. You can establish data loss prevention policies for your company to prevent sensitive data from being sent out of your company thru email. The following reports will show you a summary of DLP policies detected in the inbound and outbound email in your company.
Shows the data loss prevention (DLP) policies detected in inbound mail.
Show a list of the data loss prevention (DLP) policies detected most often in inbound mail.
Shows the data loss prevention (DLP) policies detected in outbound mail, as well as overrides (the user has sent the mail anyway despite DLP detection) and false positives (the user reports that a DLP detection was not a real detection).
Shows a list of data loss prevention (DLP) policies detected most often in outbound mail.
Shows the data loss prevention (DLP) policies detected in inbound mail, grouped by severity.
Shows a list of data loss prevention (DLP) policy rules detected most often in inbound mail.
Shows the data loss prevention (DLP) policies detected in outbound mail, grouped by severity.
Shows a list of data loss prevention (DLP) policy rules detected most often in outbound mail.
Leave us a comment and let us know what you think of these reports and what other reports you’d like to see.