Security Reports
Comprehensive security reporting across your Microsoft 365 environment. Monitor threats, track incidents, analyze vulnerabilities, and measure security posture improvement over time across all managed tenants.
Report Categories
Threat Reports
Active threats, malware detections, phishing attempts, and compromised accounts across all tenants.
- Malware detection summary
- Phishing campaign analysis
- Compromised user accounts
- Threat actor activity
Incident Reports
Security incidents from Microsoft Defender, their status, severity, and resolution timeline.
- Active incidents by severity
- Mean time to resolve (MTTR)
- Incident trends over time
- Cross-tenant incident correlation
Vulnerability Reports
Software vulnerabilities discovered across managed devices, with CVE details and remediation status.
- Critical vulnerabilities
- Exposed devices by CVE
- Patch compliance status
- Vulnerability age analysis
Secure Score Reports
Security posture tracking with score history, improvement trends, and benchmark comparisons.
- Score trends over time
- Category breakdown
- Tenant comparisons
- Industry benchmarks
Threat Summary
| Metric | Value | Detail |
|---|---|---|
| Active Threats | 47 | Last 24 hours |
| Blocked Attacks | 156 | Last 7 days |
| Open Incidents | 12 | Requiring action |
| Threats Contained | 94% | Auto-remediated |

| Threat Type | Count | Blocked | Tenants Affected |
|---|---|---|---|
| Malware | 234 | 229 (98%) | 18 |
| Phishing | 1,456 | 1,423 (98%) | 45 |
| Ransomware | 3 | 3 (100%) | 2 |
| Credential Theft | 89 | 76 (85%) | 12 |
Incident Analysis
Incidents by Severity
| Severity | Count | Detail |
|---|---|---|
| Critical | 3 | Immediate action |
| High | 12 | Action required |
| Medium | 28 | Review needed |
| Low/Info | 156 | Monitored |
Resolution Metrics
| Metric | Value | Trend |
|---|---|---|
| Mean Time to Detect | 4.2 min | -15% from last month |
| Mean Time to Respond | 18 min | -22% from last month |
| Mean Time to Resolve | 2.4 hrs | -8% from last month |
Vulnerability Overview
By Severity
| Severity | Count |
|---|---|
| Critical | 45 |
| High | 128 |
| Medium | 342 |
| Low | 567 |
Top Vulnerable Software
| Software | CVEs |
|---|---|
| Adobe Acrobat Reader | 23 CVEs |
| Google Chrome | 18 CVEs |
| Microsoft Edge | 12 CVEs |
| Java Runtime | 9 CVEs |
| 7-Zip | 4 CVEs |
Secure Score Trends
Score Distribution
| Score Range | Tenants |
|---|---|
| Excellent (80%+) | 12 tenants |
| Good (60-79%) | 28 tenants |
| Needs Work (40-59%) | 15 tenants |
| Critical (below 40%) | 5 tenants |
Category Scores (Average)
| Category | Score |
|---|---|
| Identity | 78% |
| Device | 65% |
| Apps | 52% |
| Data | 58% |
Report Filters
- Date Range — Last 24 hours, 7 days, 30 days, 90 days, or custom
- Tenant — All tenants, specific tenant, or tenant groups
- Severity — Critical, High, Medium, Low, Informational
- Category — Threats, Incidents, Vulnerabilities, Score
- Status — Active, Resolved, Investigating, False Positive
Data Sources
- GET /security/alerts — Security alerts
- GET /security/incidents — Security incidents
- GET /security/secureScores — Secure Score data
- GET /security/tiIndicators — Threat indicators
- GET /deviceManagement/windowsMalwareInformation — Malware detections
API Reference
- GET /api/reports/security/threats — Get threat summary across tenants
- GET /api/reports/security/incidents — Get incident analysis report
- GET /api/reports/security/vulnerabilities — Get vulnerability overview
- GET /api/reports/security/secure-score — Get Secure Score trends
- POST /api/reports/security/export — Export security report