Explore security reports and dashboards


The Microsoft security center includes a Reports section that shows various cards covering different areas. Security analysts and administrators can track the cards as part of their day-to-day operations. On drill-down, cards provide detailed reports and, in some cases, management options.

By default, cards are grouped by the following categories:

  • Identities - user accounts and credentials.
  • Data - email and document contents.
  • Devices - computers, mobile phones, and other devices.
  • Apps - programs and attached online services.

In the example below, the cards are grouped by category. The first category is Identities where you find two cards, Users at risk and Global admins. The second category is Data where you find two cards, Users with the most shared files and Third-party DLP policy matches.

Screenshot showing the Microsoft 365 security reports page.

You can group cards by topic, which will rearrange the cards and group them into the following areas:

  • Risk - cards that highlight entities, such as accounts and devices, that might be at risk. These cards also highlight possible sources of risk, such as new threat campaigns and privileged cloud apps.
  • Detection trends - cards that highlight new threat detections, anomalies, and policy violations.
  • Configuration and health - cards that cover the configuration and deployment of security controls, including device onboarding states to management services.
  • Other - all cards not categorized under other topics.

In the example below, the cards are grouped by topic. The first category is Risk. The second category is Detection trends.

Screen shot showing the Reports page within Microsoft 365 Security.

Use the Reports section to view security trends across your organization, and track the protection of your organization’s devices, apps, identities, and data.