DEMO: View Reports in the Reports Dashboard
Start course

By the time you finish this course, you should have a good understanding of the reporting and alerting options in Microsoft Defender for Office 365. We'll start off with a lesson on the reporting options in Defender for Office 365 where we'll quickly touch on the reports that are available, and we'll then work through a quick reporting demonstration. We'll run through alerting and you'll learn about alert policies. A guided demonstration will then show you how to create an alert policy.

Learning Objectives

  • Learn about reporting in Microsoft 365 Defender for Office 365
  • Learn how to view reports
  • Learn about alerts and alert policies in Defender
  • Configure an alert policy

Intended Audience

This quick-hitting course is intended for those who wish to learn about the reporting and alerting options in Microsoft Defender for Office 365.


To get the most out of this course, you should have a basic understanding of Office 365.


Hello, and welcome back. In this brief demonstration here, I just want to walk you through the process of viewing reports using the reports dashboard in Office 365 Security and Compliance. Now on the screen here, I'm at the homepage for Office 365 Security and Compliance, and I'm logged in as my global admin.

To view reports, what we do here is simply scroll down, and we bounce into the reports option here in the left navigation pane. And then from there, we can go into the dashboard for reports. Now from this dashboard, you can see we have access to all kinds of different reports here. Now you'll also notice that there's really not a whole lot of data here. And that's because this tenant is a tenant I spun up just for this course, so I don't have a whole lot of activity here. However, that doesn't change the way we access the actual reports. And that's what I'm trying to show you here.

So from this dashboard, what we'll do for this demo here is just take a look at the Safe Attachments file types report. So we'll go ahead and click on the box here. And we can see that it brings up these Safe Attachments file types report. We can see information on malicious PDF attachments, on malicious URLs, flash attachments that are malicious, executable attachments that are malicious, Word attachments, Excel attachments, and even PowerPoint attachments that are malicious.

Now what we can do here is select filters. And then we can filter this report by start and end date. And we can select what file types we're interested in with this report. For example, if I wanted to remove others, you can just apply it, and we can see others is no longer listed here. If we go back in, reselect others, we can see other shows up.

Now from this Safe Attachments file types report page, we can also see we have some related reports. So if we select the report down here, we can see it takes us to the Safe Attachments message disposition report. This is where it tells us what messages had access blocked, which messages were replaced, which messages were monitored, and which ones were replaced by dynamic email delivery. And again, if we select filter here, we can specify the start and end date for our report. And we can select what dispositions we're interested in. I'm not too worried about selecting dispositions here, so we'll cancel out of here. And then you'll notice in this message disposition report, in the related reports, we see the original Safe Attachment file types report. And then from here, if we bounce back out to the dashboard, we can then see all of the other reports that we have access to. And that's pretty much it.

Again, if we had a production environment, we'd see more data, and it'd be little more cool to look at. But at this point, it's pretty much just a lab environment, so I can't really offer a whole lot in terms of data. But that's how you access reports that tell you what's going on within Defender for Office 365.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.