Data Collection
Office 365 collection is achieved via the Microsoft Graph API. The following sections outline the endpoints we reach for data collection and what we collect from them.
Organization
Tenant-level data, such as verified domains:
- Tenant ID – The unique identifier of the organization
- Display Name – The display name for the tenant
- Country Code – Country/region abbreviation for the organization
- City – City name of address for the organization
- State – The street name of the address for the organization
- Postal Code – Postal code of the address for the organization
- Synced – If this object was synced from an on-premises directory
- Technical Notification Mails – Email recipients for technical notifications
- Verified Domains – Verified organization domains
Subscribed SKUs
Licenses owned by the tenant and what service plans belong to said licenses:
Licenses:
- SKU ID – The unique identifier (GUID) for the service SKU
- Part Number – The SKU part number; for example: “AAD_PREMIUM” or “RMSBASIC”
- Capability Status – The status of the license (e.g., Enabled)
- Consumed Units – Number of consumed prepaid licenses
- Enabled Units – Number of enabled prepaid licenses
- Suspended Units – Number of prepaid licenses that have been suspended; could be due to payment issues
- Warning Units – Number of prepaid licenses that have warnings; could be due to suspension pending
Service Plans:
- Name – Identifier of service plan
- Applies To – Type of account this applies to (i.e., User or Company)
Users
All users in Microsoft Entra ID and any assigned licenses and service plans:
- UPN – User principal name of the user; the UPN is an Internet-style login name for the user based on the Internet standard RFC 822
- On-Premises Security ID – Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud
- SMTP – SMTP proxy addresses of the user
- Display Name – The name displayed in the address book for the user; usually the combination of the user’s first name, middle initial, and last name
- Company – The company name with which the user is associated
- Country – The country/region in which the user is located; for example, “US” or “UK”
- Department – The name of the department in which the user works
- Manager UPN – User principal name of user’s manager
- User Type – A string value that can be used to classify user types in your directory, such as “Member” and “Guest”
- Responsibilities – Responsibilities of the user
- Office Location – The office location of the user
- Usage Location – Usage location of the user
- Assigned Licenses – The licenses that are assigned to the user
- Assigned Plans – The plans that are assigned to the user
- Provisioned Plans – The plans that are provisioned for the user
Groups
All groups in Microsoft Entra ID and their members:
- Display Name – The display name for the group
- Nick Name – The mail alias for the group, unique in the organization
- Types – Type of group
- SMTP – SMTP proxy addresses of groups
- Members – Users that are members of this group
- MailEnabled – Specifies whether the group is mail-enabled
- Synced – Whether or not the group was synced from an on-premises directory
Mailbox Usage Details
Active mailboxes and their storage usage:
- Username – Username of the mailbox; e.g., Dave Smith
- Email – Unique email address of the user
- Is Inactive – Whether or not the mailbox is inactive
- Current Mailbox Size – Storage used on the mailbox
- IssueWarningQuota – Quota to reach for issuing a warning
- Report Date – The date that the statistic report was gathered
Secure Score
Azure Secure Score details of the tenant:
- Tenant ID – Unique identifier of the tenant
- Created Date – Date Secure Score was created
- Licensed User Count – Number of licensed users belonging to the tenant
- Active User Count – Number of active users belonging to the tenant
- Secure Score – Tenant's currently attained score on the specified date
- Max Secure Score – Tenant's maximum score on the specified date
- Account Score – Account category score on the specified date
- Data Score – Data category score on the specified date
- Device Score – Device category score on the specified date
- Average Secure Score – Average competitive secure score on the specified date
- Average Max Secure Score – Average max secure score on the specified date
- Average Account Score – Average account category score on the specified date
- Average Data Score – Average data category score on the specified date
- Average Device Score – Average device category score on the specified date
Data Storage
Once data is collected, it is stored for reporting. No credentials are stored; we store only the email address of the Global Administrator who authorized our Azure-registered application. If data collection was authorized on the discovery appliance, the data resides on the discovery appliance. If data uploads are enabled on the discovery appliance, the collected data is also uploaded to the Combine. If data collection was authorized on the Combine, the data resides there only.
For information about how data is transmitted to and stored in the Combine, our cloud analytics layer, please visit our Data Security FAQ.