Back to blog

New Office 365 Security Report: Compromised Accounts

4 Jul 2018 by Doug Davis

We’re pleased to announce our new Office 365 security report available in Radar Security & Audit this week. The Compromised Accounts Reports reviews your accounts through known databases of compromised accounts that are in the public domain.

Unfortunately, there have been many breaches over the years, and if you have a large enough organization there is a good chance that one or more of your emails has been compromised. Within the report, these breaches will be tracked by domain as there can be multiple email domains within your Office 365 environment.

Office 365 Security Reporting

If one of your accounts does show up in the list, it doesn’t mean that the account is currently compromised or that it can be used to get into your system, but information that could have been used was available. If there were secondary protection systems on your email domains, they may have offered protection.

Review activities for this account using the Audit Timeline and make sure that the account has a new password and uses other security features such as multi-factor authentication.

There are two reports in this node, the Domains Overview and the Domain History Report.

Review the Domains Overview report to get a list of the domains that have been compromised in a specific breach. Each breach is a little different, and the passwords that could have been compromised may be for external services. For each breach make sure that you review the associated breach information sheet to understand the scope and potential for action. If the report is empty, no known emails were found in the databases.

A screen shot of our Office 365 security report,, showing compromised accounts

Expand the results to see details on the particular accounts that have been compromised.

The Domains History report displays a historical graph of how many accounts have been found to be breached within each email domain and may indicate an email domain that is more prone to breaches or give you a sense of the scope of the issue.

A screen shot of our Office 365 security report showing an historical overview of Compromised Accounts

If the report is empty no known emails were found in the databases.

Currently, we are checking against the Have I Been Pwned list but we will add more lists over time. As of July 2018, this database included over 5 billion compromised accounts.

As with all of the reports, this information can be customized, filtered and scheduled.

If you’re keen to learn more about Office 365 security reporting, you can view our Radar for Security & Audit datasheet here.