Reporting in Microsoft 365 Defender for Office 365
Reporting in Microsoft 365 Defender for Office 365

By the time you finish this course, you should have a good understanding of the reporting and alerting options in Microsoft Defender for Office 365. We'll start off with a lesson on the reporting options in Defender for Office 365 where we'll quickly touch on the reports that are available, and we'll then work through a quick reporting demonstration. We'll run through alerting and you'll learn about alert policies. A guided demonstration will then show you how to create an alert policy.

Learning Objectives

  • Learn about reporting in Microsoft 365 Defender for Office 365
  • Learn how to view reports
  • Learn about alerts and alert policies in Defender
  • Configure an alert policy

Intended Audience

This quick-hitting course is intended for those who wish to learn about the reporting and alerting options in Microsoft Defender for Office 365.


To get the most out of this course, you should have a basic understanding of Office 365.


Welcome to Reporting in Microsoft 365 Defender for Office 365. Microsoft Defender for Office 365 offers several types of security-related reports, which can be viewed in the Security and Compliance Center. The Security and Compliance Center can be accessed via the URL that you see on your screen.

The Defender for Office 365 file types report can be used to view the types of files detected as malicious by Safe Attachments. When using the detail view, you get 10 days of filtering, while the aggregate view offers 90 days of filtering. The Defender for Office 365 message disposition report displays actions that were taken for email messages containing malicious content. You can use the Mail Latency report to view an aggregate of the mail delivery latency within your organization.

The Threat Protection Status report shows information about malicious content and malicious email that's been identified and blocked by Exchange Online Protection and by Microsoft Defender for Office 365. The URL Threat Protection report provides both summary views and trend views for threats that have been detected. It shows you actions that have been taken on URL clicks as part of Safe Links.

Other reports that are available include email security reports, like Top Senders and Recipients, the Spoof Email report, and the Spam Detections report. Mail Flow reports, like the Forwarding report, the Mailflow Status report, and the Top Senders and Recipients report are also available. Join me in the next lesson where I'll show you how to view Defender for Office 365 reports in the reports dashboard.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.