Apr 18 2017
Monitoring anomalous activity
Azure AD Reporting: monitoring anomalous activity
Organizations require the ability to control user access and keep company data safe from cybersecurity attacks, insider threats, and potential data loss, while empowering users to remain productive from anywhere using their mobile device. Ensuring that data is safe on mobile devices is a common customer concern. To meet this challenge, our new Azure AD reports allow you to track anomalous activities on user accounts. Within the report you can view why these activities are considered anomalous, who performed the sign-in, when, and from which IP address they were performed. This is extremely helpful for distributed organizations with multiple sites and geographic locations.
The anomalous activity report is an aggregate report that combines suspicious sign-ins from the following reports:
- Sign ins from unknown sources
- Sign-ins after multiple failures
- Sign-ins from multiple geographies
- Sign-ins from IP addresses with suspicious activity
- Sign-ins from possibly infected devices
- Irregular sign-in activity
An example of the new audit report is shown below. By clicking ”Columns”, you can add or remove information from the anomalous activity report. The columns can also be filtered, and as with other reports in CoreView, it is simple to export, save, print, or schedule the report to run on a regular basis. Furthermore, using V-tenants or admin groupings within CoreView, allows for the segmentation of the information in these audit reports. If you assign a specific administrator to ONLY view a subset of users, then that is the only group of user activity that will be shown in the audit activity reports they’re allowed to view. These reports can also be added to the “Favorite Report” area by clicking on the star icon close the report name. This enables quick access under the ‘Analyze’ tab once you have logged into the portal.
The data view can be updated instantly by clicking the ‘Refresh Data’ button. The success message appears once the data is refreshed.
In the top right corner of the table you can also adjust the time interval for the data items shown in the report. By using the drop-down picklist: yesterday, 7, 14, 30, 60 or 90 days, or custom range, it is possible to filter the information quickly.
Curious to view this report now? If you are already a customer running CoreView you can discover this report under ‘Audit’ tab together with other Azure AD Reports. Otherwise, take advantage of our free 14-day trial to check out the most advanced Office 365 management suite on the market.
New articles about other Azure AD reports are coming soon. Stay tuned!