Views:
Note
Note
  • The Internal User Risk Analytics widgets are available only after you have granted Cloud App Security access to one or more Microsoft 365 services for your organization.
  • For Cloud App Security to obtain data from the sources, make sure you have performed the following:
    • To obtain data from Trend Vision One, grant the data upload permission for the data source Email Sensor, Microsoft Entra ID, or Microsoft 365 on Trend Vision One.
      Data contributed by Trend Vision One is available only when you select the default organization.
    • To obtain data from Microsoft Identity Protection, add an Microsoft Identity Protection account.
  • Select the data sources at the top of the Internal User Risk Analytics widgets to view the corresponding results.
By obtaining and aggregating high risk event data from Trend Vision One and Microsoft Identity Protection, Cloud App Security allows you to learn about the risk trends of Microsoft 365 users in your organization based on a wide range of risk information.
The high risk events fall into the following categories:
  • Suspicious sign-in activities: sign-in activities with anomalous attributes, such as IP address, location, or browser
  • Suspicious credential activities: activities indicating credential attack or compromise
  • Suspicious user activities: unusual user behavior, such as abnormal permission assignment and suspicious access or configuration
  • Admin confirmed user compromised: user compromise confirmed by administrators
Use the drop-down menu to select the time period to view.
Widget
Description
At-Risk User Trends
Displays the number of Microsoft 365 users in your organization triggering high risk events over a period of time.
Click a risk category to view or hide the number of users triggering the risk events in this category in the trend graph.
Hover over a point in the trend graph to view details about the triggering users.
Click Go to Operations Dashboard to view more risk information about the users in your organization.
The Operations Dashboard in Trend Vision One aggregates data from wider sources and dimensions to provide you in-depth and comprehensive risk insights.
Top 5 Users with High-Risk Events
Displays the internal Microsoft 365 users that trigger the most high risk events.
By obtaining and aggregating high risk event data from Trend Vision One and Microsoft Identity Protection, Cloud App Security allows you to identify the most at-risk internal Microsoft 365 users in your organization based on a wide range of risk information.
Hover over the number of events to view the event details, including the name and triggered times of each event.
Select a conditional access action to apply to a user.
Click Go to Operations Dashboard to view more risk information about the users in your organization.
The Operations Dashboard in Trend Vision One aggregates data from wider sources and dimensions to provide you in-depth and comprehensive risk insights.
Top 5 High-Risk Events
Displays the high risk events that are triggered most frequently by internal Microsoft 365 users.
By obtaining and aggregating high risk event data from Trend Vision One and Microsoft Identity Protection, Cloud App Security allows you to identify the risk events that pose the biggest dangers to your organization based on a wide range of risk information.
Select a risk category from the Risk Category drop-down menu to view the top users that trigger the high risk events in this category.
Click Go to Operations Dashboard to view more risk information about the users in your organization.
The Operations Dashboard in Trend Vision One aggregates data from wider sources and dimensions to provide you in-depth and comprehensive risk insights.