Security Analytics

    In the general section, you can find a summary of user account metrics, including total users, users with MFA disabled, users with sign-in blocked, and users with password expired. Each metric is accompanied by a trend analysis highlighting numerical comparisons over the last 7 days. By clicking the number link, you will be redirected to the User management > Users page > All users tab, where a list of users with the corresponding condition is automatically filtered for quick review.

    **Note**: When assessing MFA status, Elements verifies each user’s MFA configuration (per-user MFA) directly in Microsoft Entra. MFA requirements enforced through conditional access policies are not included in this assessment.

    In the User compliance report section, you can find an analysis of user adherence to organizational compliance requirements. It covers the following parts:

    > **Note**: Data in this report is retrieved from the built-in workflow. For detailed instructions, refer to [Workflows](#missing-link).

    - **How to fix** – Displays the definition of risk categories and the relevant workflows: network security, endpoint security, configuration security, and identity access.
    - **Fix status** – Displays the total number of risky actions, the number of auto-fixed risky actions, and the number of unfixed risky actions.
    - **Fix status by category** – Displays the number of auto-fixed risky actions and the number of unfixed risky actions in each category.
    - **Network security** – Detects users with anomalous sign-in activities, including failed sign-ins, sign-ins from out-of-range IPs, sign-ins from multiple different IPs, and sign-ins from invalid countries/regions. The rules listed below are powered by **Workflows**. Clicking a rule will redirect you to the **Workflow** details page to view and modify rule configurations.
    - **Identity access** – Highlights users who access sensitive data, modify files, and delete files, and guest users with admin privileges or guest users from untrusted domains. The rules listed below are powered by **Workflows**. Clicking a rule will redirect you to the **Workflow** details page to view and modify rule configurations.
    - **Configuration security** – Highlights users with MFA disabled or conditional access policy disabled, and users forwarding emails to untrusted domains. The rules listed below are powered by **Workflows**. Clicking a rule will redirect you to the **Workflow** details page to view and modify rule configurations.
    - **Endpoint security** – Highlights users who access from unmanaged devices or non-compliant devices. The rules listed below are powered by **Workflows**. Clicking a rule will redirect you to the **Workflow** details page to view and modify rule configurations.
    - **Risk assessment** – Displays the number of risky users versus compliant users and risky actions versus normal actions in the last 7 days.
    - **Risk level** – Displays the number of medium-risk and high-risk events in the last 7 days.
    - **Daily risky actions** – Displays total actions and risky actions on a daily basis.
    - **Sign-in insights** – Displays all sign-ins and risky sign-ins using Google Maps geolocation.
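The four conditions named under **Network security** can be read as simple checks over sign-in records. The following is an added example, not code from Elements or its workflows; the record layout, allowed IP range, allowed countries/regions, and thresholds are all assumptions chosen for illustration.

```python
"""Added example: the four Network security conditions as checks over sign-in records."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed policy values (hypothetical, not product defaults)
ALLOWED_RANGES = [ip_network("203.0.113.0/24")]
ALLOWED_COUNTRIES = {"US", "DE"}
MAX_FAILED = 3        # failed sign-ins per user that trigger the rule
MAX_DISTINCT_IPS = 2  # distinct source IPs per user tolerated in the window

# Constructed sample records: (user, source IP, country/region code, success)
SIGN_INS = [
    ("alice@example.com", "203.0.113.10", "US", True),
    ("bob@example.com", "203.0.113.20", "US", False),
    ("bob@example.com", "203.0.113.20", "US", False),
    ("bob@example.com", "203.0.113.20", "US", False),
    ("carol@example.com", "198.51.100.7", "US", True),
    ("dave@example.com", "203.0.113.30", "ZZ", True),
    ("erin@example.com", "203.0.113.41", "DE", True),
    ("erin@example.com", "203.0.113.42", "DE", True),
    ("erin@example.com", "203.0.113.43", "DE", True),
]

def risky_users(records):
    """Return {user: sorted list of the rule names that user triggered}."""
    failed = defaultdict(int)   # per-user count of failed sign-ins
    ips = defaultdict(set)      # per-user set of distinct source IPs
    hits = defaultdict(set)     # per-user set of triggered rules
    for user, ip, country, success in records:
        addr = ip_address(ip)
        ips[user].add(addr)
        if not success:
            failed[user] += 1
        if not any(addr in net for net in ALLOWED_RANGES):
            hits[user].add("out-of-range IP")
        if country not in ALLOWED_COUNTRIES:
            hits[user].add("invalid country/region")
    # Aggregate rules are evaluated once all records in the window are seen.
    for user, count in failed.items():
        if count >= MAX_FAILED:
            hits[user].add("failed sign-ins")
    for user, seen in ips.items():
        if len(seen) > MAX_DISTINCT_IPS:
            hits[user].add("multiple different IPs")
    return {user: sorted(rules) for user, rules in hits.items()}

if __name__ == "__main__":
    for user, rules in sorted(risky_users(SIGN_INS).items()):
        print(user, "->", ", ".join(rules))
```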