Office 365 Reports
Secure Score
The Secure Score report can provide insight into your security settings, and areas in which you might improve them for a smaller attack surface and generally more secure and performant Microsoft 365 environment.
Domains
The Domains report can show you all the domains associated with your Microsoft 365 tenant. We provide a summary of users per domain.
License Allocation
The License Allocation view can help you determine how many licenses you have purchased vs. how many licenses you have actually consumed.
Service Entitlement
The Service Entitlement report will summarize how many service plans you are entitled to, how many of those services have been assigned to users, and how many of those assignments have actually been provisioned by the users they were assigned to. In detail, you can see an service plan assignment on the user to service level.
User Data
You can view all users associated with your organization, how many of those users are synced from on-premises, and how many are in the cloud.
License Usage
The License Usage report will show you the usage data for all the users with active subscriptions. This report will present you with the user’s last activity date using the particular service listed. If any activity dates are blank, it means that the user has not used that service at all.
Mailboxes
The Mailboxes report will show you each mailbox associated with your organization, how big their mailbox is and how much of it has been used. There are also summaries available describing total free space vs used space, and how many mailboxes there are per domain.
The License Insights Report
The License Insights report is primarily designed to highlight cases in which an oversubscription to a Microsoft 365 product has occurred. Our License insights report is not designed to function as a compliance tool or provide licensing compliance insights in any way. It is rather a tool designed to determine any cases in which a license you have subscribed to via Microsoft 365 might no longer be needed. Our methodology consists of the following:
Local Productivity Applications (e.g. Office Professional Plus / Apps for Business / Apps for Enterprise)
- A subscription license is observed that entitles the user to install a local instance of a productivity tool (e.g Microsoft 365 E3)
- The user name associated with this license is determined from the UPN provided by the Microsoft 365 tenant
- Machines in inventory that are linked to a corresponding user name are retrieved from our device-level inventory
- The contents of that machines’ installed software is scanned for any local instances of productivity applications, including:
- Office Professional Plus (365 / Click-to-run versions)
- Office 365 Business
- Microsoft Apps for Business
- Microsoft Apps for Enterprise
- Office Professional Plus (legacy, on-premise versions)
- If a user does not match any of these criteria, we would consider a case in which the customer does not require the use on an on-premise productivity suite (e..g Microsoft Apps for Enterprise) despite their entitlement to one
- The use of any on-premise productivity application is considered an indication of a user who requires a licensing SKU that includes on-premise productivity application/suite; however
- While legacy versions of Office Professional Plus are not covered from a licensing perspective, they are indicative of a user making use of Office features
- The detection of legacy Office ProPlus and similar suites does present an additional opportunity to review the right application to use to meet this need; although this is not the express aim of this report
- In cases where a positive match occurs, we will further determine if the user is:
- Disabled in Microsft 365 or ActiveDirectory but are still consuming a license, if so they will be flagged as a possible reclamation opportunity, and
- Have not exhibited any activity in >= 90 days, if so they will be flagged as a possible reclamation opportunity
How We Gather Microsoft 365 Data
Unlike traditional IT asset data such as installed software, records for cloud applications such as Microsoft 365 are not stored within your environment; rather, in this case, they are stored on Microsoft Servers. So.. how do you get that information? The good news is that we have integrated with Microsoft’s Microsoft 365 and Microsoft Entra ID to pull in data such as your Microsoft Azure license entitlements, utilization, and service levels. Our Microsoft 365 reports allow you to pull Microsoft 365 information associated with your organization from the cloud, allowing you to view your on-cloud and on-premises data in one interface.
Microsoft 365 data is gathered through our Azure registered application. The setup is quite easy, as you simply need to provide consent to our application by signing into a Microsoft consent URL as a Global Admin. This is similar to authorizing an app on twitter. Credentials are not stored or reused.
We have provided two ways to take advantage of our Microsoft 365 integration. One way is to authorize our app to pull Microsoft 365 data in the Combine and the other is to authorize our app to pull Microsoft 365 data on the BlockBox.
Step 1: Create Microsoft 365 Credentials
You can skip this step if you already have a global admin account to use!
You will want to create a Global Admin account to use for the pulling of the Office 365 data in your Office 365 online portal if you haven’t already:
Once the credentials are created you can authorize our app to pull data with them through either the Combine or the BlockBox.
Step 2: Authorizing Our App
You can authorize our app in one of two ways, either on the Combine or on your BlockBox appliance. If you authorize your app on the Combine, the data will be updated nightly directly to the Combine. If you authorize our app on your appliance, the data will be updated on your appliance nightly. The second method (BlockBox) can be useful if you wish to keep all your discovery credentials managed on the appliance or if you’re in the processing of setting up the appliance for the first time, otherwise the rate at which the data is updated is the same and you can view your data on both the BlockBox and the Combine.
Method 1: The Combine
You can add Microsoft 365 credentials on the Combine by navigating to “Software Reports”, “Microsoft 365”, then “Manager”.
Populate the Global Admin Email field with your global admin email:
You will need to disable any pop-up blockers, if any, as a pop-up will appear after clicking “Save”. The pop-up will direct you to an official Microsoft consent URL. After signing in with your Global Admin account you will be prompted to accept the permissions our app requires to pull your data. The only permission we require is to “Read all usage reports” and “Read directory data”.
Once you’ve given our app consent, you will be redirected to a page confirming that we’ve received your consent and will close automatically within 5 seconds. You may close it yourself if you wish.
After the consent grant has been detected on the Combine, you will receive a message notifying that the consent has been granted and credentials have been saved. If this is the first time adding Office 365 credentials then an initial import will kick-off in the background and your data will soon be ready for review.