Microsoft Defender for Office 365 Detection Details Report

Posted by Harri Jaakkonen Posted on 14/11/2022 0 Comments on Microsoft Defender for Office 365 Detection Details Report
Posted in Azure, Defender, Identity, Microsoft Sentinel, Power BI, Security

If you want to learn more on from your email security, you could use this template to get and holistic view of what’s going on inside your environment.

See here the announcement of the report.

Build custom email security reporting with Microsoft Defender for Office 365 and PowerBI
Security teams in both small and large organizations track key metrics to make critical security decisions, as well as identify meaningful trends in their organization over time. Microsoft Defender for Office 365 has rich, built-in reporting capabilities that provide insights into your security post…

Why it matters?

You have different signals inside your EXO that you could miss with a dashboard. The good thing is that you can automatically refresh it from Power BI.

How to install Power BI Desktop?

There are minimum requirements for the client.

  • Windows 8.1 / Windows Server 2012 R2, or later
  • .NET 4.6.2 or later
  • Internet Explorer 11 or later
  • Memory (RAM): At least 2 GB available, 4 GB or more recommended.
  • Display: At least 1440×900 or 1600×900 (16:9) required. Lower resolutions such as 1024×768 or 1280×800 aren’t supported, as certain controls (such as closing the startup screen) display beyond those resolutions.
  • Windows display settings: If you set your display settings to change the size of text, apps, and other items to more than 100%, you may not be able to see certain dialogs that you must interact with to continue using Power BI Desktop. If you encounter this issue, check your display settings in Windows by going to Settings > System > Display, and use the slider to return display settings to 100%.
  • CPU: 1 gigahertz (GHz) 64-bit (x64) processor or better recommended.
  • WebView2, if not automatically installed with Power BI Desktop or uninstalled. Download and run the installer for WebView2.

If you are un-familiar with Power BI and the process how it works, I will open it for you.

You can download Power BI desktop from Download center.

Download Microsoft Power BI Desktop from Official Microsoft Download Center
Microsoft Power BI Desktop is built for the analyst. It combines state-of-the-art interactive visualizations, with industry-leading data query and modeling built-in. Create and publish your reports to Power BI. Power BI Desktop helps you empower others with timely critical insights, anytime, anywher…

Or from Microsoft Store.

And it will open the Microsoft Store app for you.

How to use the report?

Once you have Power BI open, choose the report template you downloaded from GitHub

First switch the extension to .pbit

Choose connection to Microsoft Security API and sign-in with your Organization account.

Once you have successfully logged, you will be displayed your report and you can Publish it to Power BI Service and use it online.

And choose a workspace for the report to be published.

And wait.

Once done, you can open the report or go to https://app.powerbi.com to see the report inside the workspace.

Notice the next refresh column, we will get to it later.

What’s inside the report?

Digging a little bit deeper to the reports, we can see that it uses Advanced hunting API’s

In example for User Impersonation it uses this query.

There is also an overview page that helps you visualize what is inside the report.

Power BI background refresh

Like promised, I will cover the refresh, so here goes.

Open the Dataset, not the report. The report is only the visualization of the Dataset that will refresh itself.

First you will see an error inside the dataset

Choose Edit credentials and OAuth2, then sign in.

And there we have it.

That’s it, now you have your custom Security report inside Power BI Service. Power BI Desktop is a tool to edit the reports and push them to the cloud or you can keep them inside the tool but not that’s not really an viable solution.

Power BI refresh and Isolated sources

For the same refresh discussion, I will also write about a different scenario.

You have Isolated resources that are behind Private endpoints and thus Power BI Service cannot access them as it’s a Public service and outside of the scope for Private endpoints.

Using VNet data Gateways

This is a really simple way to get the refresh from sources that are behind Isolated endpoints. There is three easy to follow steps to accomplish this.

First you register the Microsoft.PowerPlatform provider.

Then you create a Subnet to your Virtual network having the service you want export the data from and Delegate the whole Subnet and access to the Microsoft.PowerPlatform/vnetaccesslinks service

Then you create the Network data gateway inside https://admin.powerplatform.microsoft.com/

And give some correct values.

Once done, you can see the status inside the admin portal.

And here the detailed instructions from Microsoft.

Create virtual network (VNet) data gateways
Provides information about how to create virtual network (VNet) data gateways.

Closure

So what we learned this time? Microsoft contributes also to our reporting needs, not only providing the tools but also templates to use.

And also how you can automatically refresh those data sets from public but also Isolated sources.

Love it, just love it!

If you want to read more on how make your Power BI more secure, check this out. I wrote it at the time when many of features were still in Preview (should make a refresh for it also!)

How handle security in a Power BI environment?
Data platforms are used in many places and Power BI is one solution to generate visual reports from different sources refined in Data platform. In this post I will cover some of the security solutions for Power BI but first we have to see what is Power BI. What is inside Power BI? Power BI […]
Author: Harri Jaakkonen

Leave a Reply

Your email address will not be published. Required fields are marked *