Report created for Acestara on Thursday 30 March 2023 at 1:47 PM
Microsoft 365 Security Report
Name | Technical E-mail | Telephone Number
Acestara | [email protected] | 01218090309

Unified Audit Log | Security defaults | Days until password expiry
Enabled | Unknown | 730

Active Sync | POP | IMAP | MAPI | SMTP | OAuth2
Enabled | Enabled | Enabled | Enabled | Enabled | Enabled
NameIDUsers includedUsers excludedGroups includedGroups excludedRoles includedRoles excludedState
SecurityPolicy15a4c8f90-21b4-46d9-9f4f-15bb6e7decab[email protected], [email protected]a82038a9-ee9f-43d0-b82c-eed88b7d940c>MarketingBilling Administratorenabled
Admin Role | Name | MFA Status | Is Licensed | Is Blocked | E-mail Address
Global Administrator | Bert Dirtha | Enforced | yes | no | [email protected]
Global Administrator | Jennifer Aurelli | Disabled | no | no | [email protected]
Global Administrator | Quinn Evans | Disabled | yes | no | [email protected]
Global Administrator | Andrew test | Enabled (CA) | no | no | [email protected]
Global Administrator | tempaccount | Disabled | no | no | [email protected]
Global Administrator | Andrew Demo Admin account | Enforced | no | no | [email protected]

Domain Name | Verification Status | Default | DKIM enabled
acestara.onmicrosoft.com | Verified | No | Enabled
acestara.com | Verified | Yes | Disabled
Information: No Azure AD registered applications were found.
Name | AppID | Created on
Microsoft Graph PowerShell | 14d82eec-204b-4c2f-b7e8-296a70dab67e | 2022/10/20 10:58
Nine for Office 365 | 516e4bcb-86da-4cfe-92cb-435c1e8dbf71 | 2022/09/11 09:42
Information: No Users were found with Strong Password Enforcement disabled
Name | Primary Email Address | Is Licensed | MFA Status | Password Expiry Policy
Bert Dirtha | [email protected] | True | Enforced | Never Expires
Ben Dover | [email protected] | True | Enforced | Never Expires

Admin Role | Name | MFA Status | Is Licensed | Is Blocked | E-mail Address
Billing Administrator | Andrew test | Enabled (CA) | no | no | [email protected]
Billing Administrator | Equipment | Enforced | no | no | [email protected]
Exchange Administrator | Mark Potts | Disabled | no | no | [email protected]
Exchange Administrator | Ralph Higgins | Enabled | no | no | [email protected]
Global Administrator | Bert Dirtha | Enforced | yes | no | [email protected]
Global Administrator | Jennifer Aurelli | Disabled | no | no | [email protected]
Global Administrator | Quinn Evans | Disabled | yes | no | [email protected]
Global Administrator | Andrew test | Enabled (CA) | no | no | [email protected]
Global Administrator | tempaccount | Disabled | no | no | [email protected]
Global Administrator | Andrew Demo Admin account | Enforced | no | no | [email protected]
Groups Administrator | Mark Potts | Disabled | no | no | [email protected]
Helpdesk Administrator | Ralph Higgins | Enabled | no | no | [email protected]
Helpdesk Administrator | Ben Dover | Enforced | yes | yes | [email protected]
Intune Administrator | Ben Dover | Enforced | yes | yes | [email protected]
Teams Administrator | Perry Scope | Enabled | no | no | [email protected]
NamePrimary E-mail addressLicensesEmail TypeLast Logon dateDays since last logonReset Password at Next LogonIs BlockedMFA StatusMFA CapableMFA RegisteredDefault MFA MethodMFA Methods RegisteredSelf Service Password reset capableSelf Service Password reset registeredSelf Service Password reset enabledPasswordless CapableActiveSyncPOPIMAPMAPISMTPOWAE-mail Aliases
Bert Dirtha[email protected]AZURE ACTIVE DIRECTORY PREMIUM P1, MICROSOFT 365 BUSINESS BASICUserMailbox2023-03-24 10:27:386FalseNoEnforcedTrueTruemobilePhonemobilePhone, microsoftAuthenticatorPush, softwareOneTimePasscodeFalseFalseFalseFalseEnabledEnabledDisabledEnabledEnabledEnabled[email protected], [email protected]
Alfie McDee[email protected]Not ActiveNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Andrew test[email protected]Not Active2023-03-27 14:50:252FalseNoEnabled (CA)TrueTruemobilePhonemobilePhoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Anne Teak[email protected]Not ActiveNot availableNot availableFalseNoEnabled (CA)TrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Art Deco[email protected]EXCHANGE ONLINE KIOSKUserMailboxNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabled[email protected]
Ben Dover[email protected]MICROSOFT POWER AUTOMATE FREE, EXCHANGE ONLINE KIOSKUserMailboxNot availableNot availableFalseYesEnforcedNot availableNot availableNot availableNot availableNot availableNot availableNot availableNot availableEnabledDisabledDisabledDisabledDisabledEnabled[email protected]
chee[email protected]UserMailboxNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseEnabledEnabledDisabledEnabledEnabledEnabled[email protected], [email protected]
Chris Anthemum[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Andrew Demo Admin account[email protected]Not Active2022-06-16 12:44:19287FalseNoEnforcedFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Equipment[email protected]EquipmentMailboxNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseEnabledDisabledDisabledEnabledDisabledEnabled[email protected]
Ginger Plant[email protected]Not ActiveNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Holly Bush[email protected]Not ActiveNot availableNot availableFalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled[email protected]
Hugo First[email protected]EXCHANGE ONLINE KIOSKUserMailboxNot availableNot availableFalseNoEnforcedFalseFalsenoneFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabled[email protected]
Jennifer Aurelli[email protected]SharedMailbox2020-05-26 13:57:301037FalseNoDisabledFalseFalsenoneFalseFalseFalseFalseEnabledEnabledEnabledEnabledEnabledEnabled[email protected], [email protected], [email protected], [email protected]
Kevin Dowling[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled[email protected]
Liz Erd[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Mal Ajusted[email protected]Not ActiveNot availableNot availableFalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Mark Potts[email protected]Not ActiveNot availableNot availableFalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled[email protected]
Mark Ateer[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Meeting Room[email protected]RoomMailboxNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabled[email protected]
Michael Hello[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Neil Down[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Olive Yew[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
PauloPaulo_gpostpc321.com#EXT#@acestara.onmicrosoft.comGuestMailUserNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled[email protected]
Perry Scope[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Peter Owt[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Quinn Evans[email protected]MICROSOFT POWER AUTOMATE FREE, MICROSOFT 365 BUSINESS BASICUserMailbox2022-05-24 07:27:53310FalseNoDisabledFalseFalsenoneFalseFalseFalseFalseEnabledEnabledDisabledEnabledEnabledEnabled[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Ralph Higgins[email protected]SharedMailboxNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseEnabledEnabledDisabledEnabledEnabledEnabled[email protected]
Ray Sincar[email protected]Not ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
hotel[email protected]SharedMailboxNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabled[email protected], [email protected], [email protected]
Rhea Lax[email protected]Not ActiveNot availableNot availableFalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled[email protected]
Simon Sais[email protected]Not ActiveNot availableNot availableFalseYesEnabledNot availableNot availableNot availableNot availableNot availableNot availableNot availableNot availableDisabledDisabledDisabledDisabledDisabledDisabled
Support[email protected]SharedMailboxNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseEnabledDisabledDisabledEnabledEnabledEnabled[email protected]
sydneysydney_Asw342A.com#EXT#@acestara.onmicrosoft.comGuestMailUserNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled[email protected]
tempaccount[email protected]Not Active2022-04-05 15:40:36358FalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
toot toot[email protected]MailUniversalDistributionGroupNot availableNot availableFalseNoEnforcedFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Name | Total Amount | Assigned Licenses | Unassigned Licenses
EXCHANGE ONLINE KIOSK | 5 | 3 | 2
EXCHANGE ONLINE (PLAN 1) | 1 | 0 | 1
AZURE ACTIVE DIRECTORY PREMIUM P1 | 1 | 1 | 0
MICROSOFT 365 BUSINESS BASIC | 2 | 2 | 0

Name | Users allocated this license
Exchange Online Kiosk | [email protected], [email protected], [email protected]
Azure Active Directory Premium P1 | [email protected]
Microsoft 365 Business Basic | [email protected], [email protected]
Primary Email AddressDisplay NameNameDevice ModelDevice TypeDevice OSDevelopment NameDevice IdClient TypeClient VersionMobile OperatorFirst SyncLast SyncLast Sync Attempt
[email protected]Bert DirthaadminPixel 6 ProAndroidAndroid 13.8927612raven4E696E65394439424130423243353937EAS16.1O2 - UK2022/09/11 08:422022/09/11 08:422022/09/11 08:42
[email protected]Bert DirthaadminDefault stringUniversalOutlookWINDOWSGLENN-PC68D2A8DA190E4BF189497A4C4548A4F8Outlook1.02022/09/11 08:362022/09/11 08:36Not available
Name | E-mail Address
Sydney | [email protected]

Name | Primary E-Mail | E-mail Aliases
Paulo | [email protected] |
sydney_Asw342A.com#EXT# | [email protected] |

Name | Primary E-Mail | E-mail Aliases
Meeting Room | [email protected] |

Name | Primary E-Mail | E-mail Aliases
Equipment | [email protected] |
NameTypeMembersE-mail AddressID
AcestaraMicrosoft 365 Group[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected][email protected]c3c914eb-08ea-4b38-95da-40e0e9c9f265
Acestara SecuritySecurity Group[email protected]c86ff27d-4f92-4c3b-aa96-018a96b73953
Acestara TeamMicrosoft 365 Group[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected][email protected]ef9910ce-4da7-4117-8be9-723ac772b6e5
All CompanyMicrosoft 365 Group[email protected]5aacfe77-b50c-4912-aa63-f912a220c7f8
DespatchDistribution List[email protected], [email protected], [email protected][email protected]c2ca64d2-dc93-43ae-8cc9-bcfd1cca2658
Discussion TeamMicrosoft 365 Group[email protected][email protected]ac08fbdc-502f-48d4-9a7c-f8bb5c792bdb
DMARCMicrosoft 365 Group[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected][email protected]a1c7a4ce-ee50-4bf1-b374-cfdf3fc6ebca
MarketingMicrosoft 365 Group[email protected], [email protected], [email protected], [email protected], [email protected], [email protected][email protected]a82038a9-ee9f-43d0-b82c-eed88b7d940c
Merging infoDistribution List[email protected], [email protected], [email protected], [email protected], [email protected][email protected]4fe8c299-c579-4e16-aefe-3076793923ff
PleaseDistributeDistribution List[email protected]bd7877c0-f097-4765-8a70-452a33bc1739
SalesDistribution List[email protected], [email protected], [email protected], [email protected], [email protected], [email protected][email protected]e7bd86de-a161-4bf8-ba2f-62ed33497b13
Security GroupMail Enabled Security Group[email protected], [email protected], [email protected], [email protected], [email protected][email protected]ed6cba35-74e2-4220-aeda-d5fc26900db4
SecurityAlphaSecurity Group[email protected]92bbb0b1-9566-4907-aed3-a54015cd9d64
SecuritySettingsAlphaSecurity Groupf0268b1b-a33c-482c-8ec7-365553f61563
testgroupDistribution List[email protected][email protected]b88f651c-a950-41bc-aac5-e9c113021d58
Timeout.comDistribution List[email protected]b06dad2e-fa66-4abf-9e05-c14f99866e0e
tootDistribution List[email protected][email protected]bae7b905-4f1b-4dfa-9400-1e68f13ee479
Primary Email Address | Display Name | Has email forwarded to this address
[email protected] | Equipment | [email protected]
[email protected] | Quinn Evans | [email protected]
[email protected] | Ralph Higgins | [email protected]
[email protected] | Support | [email protected]
Information: No Users with external forwarding rules were found.
Transport Rule Name | Description
Block IP and delete - TENANT | If the message:
sender ip addresses belong to one of these ranges: '1.1.2.3'
Take the following actions:
Delete the message without notifying the recipient or sender
whitelist MSP Easy Tools | If the message:
sender's address domain portion belongs to any of these domains: 'mspeasytools.co.uk' or 'office365security.info' or 'mspet.co.uk' or 'micromonty.com' or 'mspeasytools.sk' or 'promptmapper.com'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist gdsq.uk | If the message:
sender's address domain portion belongs to any of these domains: 'gdsq.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
AlertsNotJunk | If the message:
Is received from '[email protected]'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist ff.oi | If the message:
sender's address domain portion belongs to any of these domains: 'ff.oi'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist gdsq.co.uk | If the message:
sender's address domain portion belongs to any of these domains: 'gdsq.co.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
whitelist MSPETUK | If the message:
sender's address domain portion belongs to any of these domains: 'mspet.uk' or 'mspetduk.onmicrosoft.com' or 'msptools.co.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
MSPET-RD-MSP EasyTools info | If the message:
Is received from '[email protected]'
and Includes these patterns in the message subject: 'Further information'
Take the following actions:
Redirect the message to '[email protected]'
Forward to Home | If the message:
Is sent to '[email protected]'
and Includes these words in the message subject: 'Sydney'
Take the following actions:
Redirect the message to '[email protected]'
Internal plus2 | If the message:
Is sent to '[email protected]'
Take the following actions:
Blind carbon copy(Bcc) the message to '[email protected]'
Secret messages | If the message:
Includes these words in the message subject or body: 'Bank details'
Take the following actions:
Redirect the message to '[email protected]'
Sent to 'Ralph Higgins' | If the message:
Is sent to '[email protected]'
Take the following actions:
Prepend the subject with 'Hello Ralph'

Transport Rule Name | Description
Forward to Home | If the message:
Is sent to '[email protected]'
and Includes these words in the message subject: 'Sydney'
Take the following actions:
Redirect the message to '[email protected]'
Internal plus2 | If the message:
Is sent to '[email protected]'
Take the following actions:
Blind carbon copy(Bcc) the message to '[email protected]'
Secret messages | If the message:
Includes these words in the message subject or body: 'Bank details'
Take the following actions:
Redirect the message to '[email protected]'
User Email Address | Inbox Rule Name | Description
[email protected] | Emails from Jennifer | If the message:
the message was received from 'Jennifer Aurelli'
Take the following actions:
move the message to folder 'Jennifer'
and stop processing more rules on this message
[email protected] | Emails from Mark | If the message:
the message was received from '[email protected]'
Take the following actions:
delete the message
and stop processing more rules on this message
[email protected] | Emails from Ralph | If the message:
the message was received from 'Ralph Higgins'
Take the following actions:
move the message to folder 'Ralph'
and stop processing more rules on this message
[email protected] | For all messages from Acestara Team | If the message:
the message was received from 'Jennifer Aurelli'
Take the following actions:
move the message to folder 'Jennifer'
and stop processing more rules on this message
[email protected] | to me | If the message:
the body of the message contains the words 'pigs'
Take the following actions:
delete the message
and stop processing more rules on this message
[email protected] | External Send | If the message:
the message includes specific words in the subject 'Finance'
Take the following actions:
forward the message to '[email protected]'
and stop processing more rules on this message

User Email Address | Inbox Rule Name | Description
[email protected] | External Send | If the message:
the message includes specific words in the subject 'Finance'
Take the following actions:
forward the message to '[email protected]'
and stop processing more rules on this message
Display NameIdDescriptionStateCreated DateModified DateIncluded UsersExcluded UsersIncluded GroupsExcluded GroupsIncluded RolesExcluded RolesIncluded AppIDsExcluded AppIDsInclude User ActionsIncluded Authentication Context Class ReferencesClient App type conditionsClient Apps Include Service PrincipalsClient Apps Exclude Service PrincipalsFilter for Devices ModeFilter for Devices RuleIncluded LocationsExcluded LocationsIncluded PlatformsExcluded PlatformsService Principal Risk LevelsSign In Risk LevelsUser Risk LevelsGrant controlsOperator for multiple controlsCustom Authentication FactorsGrant controls Terms Of UseApplication enforced restrictions enabledCloud App Security TypeCloud App Security enabledDisable Resilience DefaultsPersistent Browser modePersistent Browser mode enabledSign in frequency intervalSign in frequency interval valueSign in frequency interval unitSign in frequency Authentication TypeSign in frequency interval enabled
SecurityPolicy15a4c8f90-21b4-46d9-9f4f-15bb6e7decabenabled11/11/2021 11:49:13 AM4/28/2022 4:03:49 PM[email protected], [email protected]MarketingBilling AdministratorNoneallmfaOR
remembermfa928f26f0-7437-4276-888c-8fa34a7ab748enabled6/17/2022 7:42:23 AMAllGlobal AdministratorAllallFalsealwaysTruetimeBased1hoursprimaryAndSecondaryAuthenticationTrue

Action Points

The list below summarises the important recommended points to act upon, taken from the entire security report. Where possible you should aim to make as many of the items below show as a green thumbs up. If, due to required legacy compatibility, you are unable to fully address all points, then you should tightly control and document anything that can't be changed, for compliance purposes. Action points are colour / icon coded for ease of use. A green thumbs up requires no action on your part. A red thumbs down represents a significant security / misconfiguration issue and should be addressed. An amber pointing finger should still be addressed but may be of less significance in comparison to a thumbs down. A blue 'info' icon is not necessarily a concern but is something that you need to be aware of.

Unified Audit Log

The Unified Audit log is enabled

No action needs to be taken

Password Expiry Policy

Passwords set to expire after 730 days

No action needs to be taken

OAuth2

OAuth2 (Modern Authentication) is enabled in the tenant

No action needs to be taken

Active Sync

Active Sync is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. Active Sync is a legacy protocol that is used to access Exchange servers. It does not fully support MFA so ideally should not be used. However, most mobile devices use Active Sync to access emails; blocking Active Sync will stop mobile devices retrieving email when using most email apps. You can use the connection protocols tool in MicroMonty to control this.

POP

POP is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. POP is a legacy protocol that is used to access email accounts. It does not support MFA so should not be used. If POP is enabled MFA can be bypassed to access your email. For maximum security it is recommended to block the use of POP to access email in Microsoft 365. You can use the connection protocols tool in MicroMonty to control this

IMAP

IMAP is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. IMAP is a legacy protocol that is used to access email accounts. It does not support MFA so should not be used. If IMAP is enabled MFA can be bypassed to access your email. For maximum security it is recommended to block the use of IMAP to access email in Microsoft 365. You can use the connection protocols tool in MicroMonty to control this

MAPI

MAPI is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. MAPI is a legacy protocol that is used to access email accounts. Disabling MAPI could increase security. However, disabling MAPI will prevent the use of Outlook to access email in Exchange mode; this is generally not recommended. You can use the connection protocols tool in MicroMonty to control this.

SMTP

SMTP is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. SMTP is a legacy protocol that is used to send email. SMTP does not support MFA. If SMTP is enabled MFA can be bypassed to send email from your accounts. For maximum security, and to prevent your accounts being spoofed, it is recommended to block the use of SMTP in Microsoft 365. You can use the connection protocols tool in MicroMonty to control this

MFA Conditional Access Policy

All configured conditional access policies that enforce MFA are enabled

No action needs to be taken

MFA Conditional Access Policy Exceptions

All configured conditional access policies that enforce MFA do not contain exceptions

No action needs to be taken

Domain Verification

All registered domains are verified in Microsoft 365

No action needs to be taken

DKIM status

At least one of your registered domains does not have DKIM enabled

Look at the 'Dashboard' tab for more info. DKIM and DMARC settings help to protect your domains from email spoofing. DNS Settings may need to be made in your domain registrar and in the Microsoft 365 portal to enable DKIM and then set a DMARC policy

Azure AD App creation

No Applications are registered in your Azure AD

No action needs to be taken

Strong Password Requirement

No users found with strong password enforcement disabled

No action needs to be taken

MFA and password expiry

No users found with no password expiry and MFA disabled

No action needs to be taken

No password expiry

Users found with Password expiry disabled but MFA enabled

Check the 'Dashboard' tab for more information. For security, if possible, enable password expiry for all users. However, these users do have MFA enabled. You can use the Password tools in the security section of MicroMonty to help you do this.

Global Admins

Multiple global admins detected

It is recommended that the number of Global Admins is kept to a minimum for security. Please check the 'Admins' tab for more detail. Attackers can create a new admin to compromise your systems. Remember also that an internal user has 'Access all areas' if they are a global admin. The pro version of the tools can alert you when a new admin is detected and also help to remove unwanted admins. MicroMonty can help you to configure different admin privileges for any account.

Admin Multifactor Authentication

At least one admin in the tenant is not using MFA

It is recommended that all administrators have MFA enabled on their account for added security. Please check the 'Admins' tab for more detail. You can use the MFA tool on the MSPET Launcher to configure MFA where needed.

User Multifactor Authentication

At least one user in the tenant is not using MFA

It is recommended that all users have MFA enabled on their account for added security. Please check the 'Users' tab for more detail. You can use the MFA tool on the MSPET Launcher to configure MFA where needed. For legacy devices where MFA cannot be used, this should be strictly controlled, and a secure password that is changed regularly should be used as a minimum.

Blocked users

At least one user is blocked from signing in

There are blocked users in the tenant. Check the 'Users' tab for more information. Blocked users cannot sign in. If this account is no longer active it is best practice to place a hold on the account and make it an inactive account. Blocked users are not recommended long term. You can use MicroMonty's security tools to control the blocked status of a user.

License allocation

No license assignments exceed their specified usage limits

No action needs to be taken

License usage

There are unused licenses in the tenant

Unused licenses can incur an unnecessary cost. Check the 'Licenses' tab for more detail. These licenses should be allocated to users or cancelled if not needed. You can use the license tool in MicroMonty to assign licenses. Excess licenses must be cancelled with your provider.

Delegated mailbox access

There are users with delegated mailboxes in the tenant

When a mailbox is delegated, the delegate can fully access the content of the mailbox. Check the 'Licenses' tab for more detail. Please check to confirm these delegations are as they should be. You can use the Mailbox tools in MicroMonty to change mailbox permissions.

Microsoft 365 Mail Users

Microsoft 365 Mail Users exist in the tenant

A Microsoft 365 mail user is an external user that has been given access to some (or all) of the content in your Microsoft 365 tenant. This usually means that a user has shared some content with this person. Check the 'Contacts' tab for more detail. Microsoft 365 mail users are not recommended, especially long term; these users can access part or even all of your SharePoint / OneDrive data. You can use MicroMonty to help you remove 'Mail Users'.

Groups with external members

Mail enabled groups exist with external members

A mail enabled group with an external member can be used to forward mail outside the organisation. Check the 'Groups' tab for more detail. If possible you should remove external members from your mail enabled groups. You can use MicroMonty to create and delete mail enabled groups. A new MicroMonty tool to configure existing group members is coming soon. The pro version of MSP Easy tools can automatically alert you when a new external group member is found.

External Forwarding

No Users with external forwarding rules were found.

No action needs to be taken

External Transport Rules

Externally forwarding transport rules were found

External transport rules can be used to forward emails automatically to a recipient outside the tenant. Check the 'Transport Rules' tab for more detail. If possible you should remove all external Transport rules. The pro version of MSP Easy tools can automatically alert you when a new external transport rule is found. The counterpart tool on the launcher will help you to remove unwanted rules

External inbox Rules

Externally forwarding inbox rules were found

Users can set up rules on their mailboxes that automatically forward to external sources. Check the 'Inbox Rules' tab for more detail. If possible these should be removed. It is recommended to block users' ability to set externally forwarding inbox rules. The pro version of MSP Easy tools can automatically block all externally forwarding inbox rules. The counterpart tool on the launcher allows you to make any exceptions should you need to.

Conditional Access Policies

Enabled conditional access policies were found.

No action needs to be taken. Check the conditional access tab of the report for more detail.
TermExplanation
Active SyncActive Sync is a legacy protocol that is used to access Exchange servers. It does not fully support MFA so ideally should not be used. However, most mobile devices use Active Sync to access emails, blocking active sync will stop mobile devices retrieving email when using most email apps.
AdminA user or entity that has control over your Microsoft 365 tenant
Azure AD applicationsAn Azure AD application is a registered applicaition in the Active directory of a Microsoft 365 tenant. Azure applications can be granted permissions to perform a multitude of actions both within the tenant and potentially upon any partner tenants too.
Billing AdministratorMakes purchases, manages subscriptions, opens and manages support tickets, and monitors service health.
Conditional Access PolicyA conditional access policy enforces specified conditions on user, group members or roles within the Azure active directory. For example it could be used to enforce MFA on users that are members of a particular group.
ContactAn external contact that has been added to the Microsoft 365 contacts list. These users do not have access to any of your Microsoft 365 content.
CRM Service AdministratorAlso known as a Dynamics 365 service admin, can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Microsoft 365 global admin such as manage user accounts, manage subscriptions, access settings for Microsoft 365 apps like Exchange or SharePoint.
Customer LockBox Access ApproverCan approve Microsoft support requests to access customer organizational data. Manages Customer Lockbox requests in your organisation. They receive email notifications for Customer Lockbox requests and can approve/deny requests from the Microsoft 365 Admin Center. They can also turn on/off the Customer Lockbox feature.
Default domainThe primary domain registered in your Microsoft 365 tenant
Distribution ListSometimes referred to as a Distribution Group. A Microsoft 365 distribution group is a group of users that is mail-enabled (you can send emails to this group email account, and by doing that, all listed users will also be emailed automatically rather than having to email them all individually
DKIM: DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren't altered in transit between the sending and recipient servers. It uses public-key cryptography to sign email with a private key as it leaves a sending server.
Domain: The part of your email address after @. Domains listed are all the ones that are valid in this tenant.
Email Alias: An alternate email address that can be used to send to a recipient. They will not be able to send out using this address. Only the primary email address can be used to send email.
Equipment Mailbox: An equipment mailbox is a resource mailbox assigned to a resource that's not location specific, such as a portable computer, projector, microphone, or a company car. After an administrator creates an equipment mailbox, users can easily reserve the piece of equipment by including the corresponding equipment mailbox in a meeting request.
Exchange Administrator: Manages email, mailboxes and anti-spam policies for your business, using the Exchange admin center. Can view all the activity reports in the Microsoft 365 admin center, manage support tickets, and monitor service health.
Global Administrator: A user that has total control over all aspects of your Microsoft 365 tenant. There is nothing this user cannot access or do to your tenant. This is the only user that can assign admin roles to other users.
Group: A group in Microsoft 365 can be used to apply privileges/permissions to a group of people, or to email a list of users simultaneously.
Helpdesk Administrator: Sometimes referred to as a password administrator. Resets passwords, manages support tickets, and monitors service health. Helpdesk admins can't reset passwords for global admins. Only other global admins can do that.
IMAP: IMAP is a legacy protocol that is used to access email accounts. It does not support MFA, so it should not be used. If IMAP is enabled, MFA can be bypassed to access your email. For maximum security, it is recommended to block the use of IMAP to access email in Microsoft 365.
Last Mailbox login: The last time a user logged into their mailbox.
License: The Microsoft 365 license that is assigned to a user.
License Administrator: Adds, removes, and updates license assignments for users, groups (using group-based licensing), and manages the usage location of users.
Licensed: A user is licensed if they are assigned a Microsoft 365 license in your tenant. It is possible to have a user without a license. They can access the portal but won't be able to do anything or access your data unless they are an admin.
Mail User: An external user. However, unlike a mail contact, a mail user has logon credentials in your Exchange or Microsoft 365 organization and can access resources. These users appear if content is shared or access given to anything within your Microsoft 365 tenant.
MAPI: MAPI is a legacy protocol that is used to access email accounts. Disabling MAPI could increase security. However, disabling MAPI will prevent the use of Outlook to access email in Exchange mode, so this is generally not recommended.
Message Centre Reader: Monitors changes to the service and can view all posts to the Message center in Microsoft 365 and share Message center posts with others through email. People assigned this role also have read-only access to some admin center resources, such as users, groups, domains, and subscriptions.
MFA Status: The Multi Factor Authentication status of the user. All admins should have MFA enabled!
OAuth2 (Modern Authentication): OAuth2 or Modern Authentication fully supports all forms of Multifactor Authentication. For security and compliance, it is recommended that OAuth2 should always be enabled.
Password Expiry Policy: For security compliance all users should regularly change their password. Passwords should not be set to 'Never Expire' without a good reason.
POP: POP is a legacy protocol that is used to access email accounts. It does not support MFA, so it should not be used. If POP is enabled, MFA can be bypassed to access your email. For maximum security, it is recommended to block the use of POP to access email in Microsoft 365.
Power BI Administrator: A person assigned to the Power BI admin role will have access to Microsoft 365 Power BI usage metrics. They'll also be able to control your organization's usage of Power BI features.
Primary email address: The main email address of a user that is used to log into Microsoft 365 and is also the address seen by recipients of an email from this user.
Privileged Role Administrator: A customised administrator that can be given control over individually specified items in your Microsoft 365 tenant.
Reports Reader: Can view all the activity reports in the Microsoft 365 admin center.
Reset Password at next login: Shows if the user will be required to reset their password the next time they log in.
Room Mailbox: A room mailbox is a resource mailbox that's assigned to a physical location, such as a conference room, an auditorium, or a training room. With room mailboxes, users can easily reserve these rooms by including room mailboxes in their meeting requests. When they do this, the room mailbox uses options you can configure to decide whether the invite should be accepted or denied.
Security Defaults: Security defaults make it easier to help protect your organisation from identity-related attacks with preconfigured security settings. Security defaults require all users to register for MFA, require admins to do multifactor authentication, require users to do multifactor authentication when necessary (DOES NOT ENFORCE MFA IN ALL SITUATIONS), block legacy authentication protocols, and protect privileged activities like access to the Azure Portal. Security defaults are useful if a tenant has only free tier Azure AD. They are generally not considered suitable if the tenant has premium licenses, uses conditional access policies, or has complex security requirements.
Security Group: A security group is used to assign permission to a set of users to grant access to things, such as a SharePoint site, web pages, an entire SharePoint list or document library, or even just some files.
Service Support Administrator: Opens support tickets with Microsoft and views the service dashboard and message center. They have 'view only' permissions except for opening support tickets and reading them.
Shared Mailbox: A shared mailbox does not take a Microsoft 365 license. A shared mailbox can only be accessed by someone that is given delegated permission to access it. It can function in exactly the same way as a regular mailbox but is not accessible independently.
SharePoint Administrator: Manages file storage for your organization in SharePoint Online and OneDrive. They do this in the SharePoint admin center. They can also assign other people to be site collection administrators.
Site Collection Administrator: Controls one specified SharePoint site on your tenant. This role can be set by a SharePoint administrator.
Skype Administrator: Configures Skype for Business for your organization and can view all the activity reports in the Microsoft 365 admin center. Can open and manage support tickets.
SMTP: SMTP is a legacy protocol that is used to send email. SMTP does not support MFA. If SMTP is enabled, MFA can be bypassed to send email from your accounts. For maximum security, and to prevent your accounts being spoofed, it is recommended to block the use of SMTP in Microsoft 365.
Teams Communications Administrator: Can manage calling and meeting features of Microsoft Teams, including phone number assignments and meeting policies. They can also use call analytics tools to troubleshoot issues.
Teams Communications Support Engineer: Can troubleshoot communication issues in Teams using call analytics tools, and can view full call record information for all participants involved.
Teams Communications Support Specialist: Can troubleshoot communication issues in Teams using call analytics tools, and can view call record information for the specific user being searched for.
Teams Service Administrator: Can manage all aspects of Microsoft Teams except license assignment. This includes policies for calling, messaging, and meetings; use of call analytics tools to troubleshoot telephony issues; and management of users and their telephony settings. This role additionally grants the ability to create and manage all Microsoft 365 Groups, manage support tickets, and monitor service health.
Tenant: The instance of your Microsoft 365 that includes all of your content.
Unified Audit Log: The Unified Audit Log (UAL) keeps a record of most events that occur in Microsoft 365. Without the unified audit log, keeping track of events is in most cases impossible. For security and compliance, the UAL should always be enabled.
User Account Administrator: Resets passwords, monitors service health, adds and deletes user accounts, manages support tickets, adds and removes members from Microsoft 365 groups. The user management admin can't delete a global admin, create other admin roles, or reset passwords for global, billing, Exchange, SharePoint, Compliance, and Skype for Business admins. This role also includes the ability to update license assignments for users and for groups (using group-based licensing), and manage the usage location of users.
User Mailbox: The place where Microsoft 365 stores all of a user's email.
Verification Status: Shows if the domain is valid and ready to be used in your tenant.