Review the security reports in Microsoft Defender XDR
Various reports are available in Microsoft Defender XDR. The Microsoft Defender portal divides its reports into three categories:
- Security. Enables organizations to view information about security trends. The reports also track the protection status of an organization's identities, data, devices, apps, and infrastructure.
- Email and collaboration. Enables organizations to review Microsoft recommended actions to help improve email and collaboration security.
- Endpoints. Enables organizations to view information concerning threat protection, device health and compliance, vulnerable devices, and Web protection.
To view and use the reports described in this unit, you must belong to one of the following role groups in the Microsoft Defender portal:
- Organization Management
- Security Administrator
- Security Reader
- Global Reader
Note
Adding users to the corresponding Microsoft Entra role in the Microsoft 365 admin center gives users the required permissions in the Microsoft Defender portal. It also provides permissions for other features in Microsoft 365.
Security reports in the Microsoft Defender portal
Various reports are available in the Microsoft Defender portal to help you track security trends and the protection status of various organization-owned objects. The Security reports are divided into the following categories: Identities, Data, Devices, and Apps. The Security reports include:
- Identities
- Users at risk
- Global admins
- Data
- Users with the most shared files
- DLP policy matches
- Third-party DLP policy matches
- DLP false positives and overrides
- Devices
- Devices at risk
- Threat analytics
- Device compliance
- Devices with active malware
- Types of malware on devices
- Malware on devices
- Devices with malware detections
- Users with malware detections
- Apps
- Privileged OAuth apps
- Cloud app accounts for review
- Discovered cloud apps (categories)
- Cloud app activity locations
Microsoft Defender for Endpoint reports in the Microsoft Defender portal
Various reports are available in the Microsoft Defender portal. The Endpoint reports include:
- Threat protection
- Device health and compliance
- Vulnerable devices
- Web protection
Microsoft Defender for Office 365 reports in the Microsoft Defender portal
Various reports are available in the Microsoft Defender portal to help you see how email security features in Microsoft 365 are protecting your organization. The Email and collaboration reports include:
- Top malware
- Mail latency report
- Top senders and recipients
- Mail flow status summary
- Threat protection status
- URL protection report
- Spoof detections
- Compromised users
- Exchange transport rule
- User reported messages
- Submissions