/Microsoft-Purview-Advanced-Rich-Reports-MPARR-Collector

Repository with all the MPARR components solution

Primary language: PowerShell. License: MIT.

Project

Welcome to Microsoft Purview Advanced Rich Reports (MPARR) Collector.

Having the right information at the right time has great business value, especially in the context of implementing security and compliance measures. It's crucial to recognize that achieving this goal is a strategic business objective. Generating user-friendly reports to monitor end users' utilization and adoption is a valuable global asset. This solution leverages data from Microsoft 365 services, empowering different business units to access relevant information. C-level executives can utilize this solution to gain insights into compliance-related business metrics.

MPARR 2 Architecture

Current Architecture for MPARR

Today, one of the principal challenges for every organization is staying aligned with compliance principles. Each organization defines its own priorities and policies, but in every case the whole organization needs to be involved, and to involve it we need to show the right information at the right time. The Office 365 Management API collects all the information available through the Unified Auditing tool. This helps the Security, Compliance and IT areas look for specific information and generate some reports, but it is not easy to show that information to different business units, and they don't have the time to prepare more detailed reports either.


Variables that need to be set in the laconfig.json files and the TableNames created on Log Analytics

With that in mind, the solution presented here provides a robust way to collect all the data and prepare reports with specific scopes for specific audiences, without requiring special permissions or additional knowledge of the security tools. It collects all the information available through the Office 365 Management API and stores it in a Log Analytics workspace, which can be the same one used for Sentinel (we will discuss this point further next). From this workspace the information can be consumed with Power BI Desktop to create advanced rich reports, which are then published to Power BI online workspaces; this step makes it possible to create different workspaces for different audiences. To add more value to these reports, some additional scripts are delivered, for example to collect data related to Azure AD attributes, which makes it possible to create reports based on location, country, business unit and any other available Azure AD attribute.

MPARR - Solution data in Log Analytics

TableNames created on Log Analytics and their use

As we said previously, because this information can be stored on the same workspace used for Sentinel, this information can be utilized to generate workbooks with more detailed information for Security monitoring. In this article, we will see how we can implement this script to start collecting the information and consume that information.

Some Power BI reports that can be created:

MPARR - DLP overview

DLP Overview, department filter and dates filter


Access denied and granted over protected documents

MPARR - Unified Labeling Overview

Unified Labeling Overview filtering by Department and Country

MPARR - Worldwide Operations review

Worldwide activities filtering by Operation

MPARR - MIP Scanner

MIP Scanner dashboard

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.