
Weekly reporting – what do you need? Confessions of a ‘Reports Geek’

Aug 1, 2018 by Russ McKeith

Weekly reporting

Weekly reporting is all about getting the most out of your Office 365 tenants. Whilst it’s easy to think of Office 365 as one technology, in practice there are various departments with vested interests in it, and verifying adoption and usage, tracking ROI, and cross-charging for licensing all benefit greatly.

The shift from daily reporting to weekly reporting is significant, and we’re going to use a medical analogy to highlight it here. Daily reporting is ‘staying alive’: checking your tenant’s vital statistics, ensuring tenant health, and triaging any issues that threaten overall health. Weekly reporting is about ‘quality of life’: checking that the platform is optimized and putting in measures to ensure longevity. With weekly reporting, we’re looking to maximize the usage and productivity benefits from the tenant, driving adoption of new features and technologies. Efficient weekly reporting is likely to span a number of different areas, departments, and stakeholders, so it will greatly ease the pressure if you can minimize manual intervention by scheduling your reports. Our Office 365 reporting tool has scheduling functionality that will automatically send reports to the appropriate technician or manager responsible for that technology, at the time, date, and interval of your choosing.

Inventory Report

The inventory report is a guide to what has been happening in the tenant from various sources, for example, subscriptions, connected mobile devices, key workload activities for Exchange, Skype, etc. This report should be used as a quick reference guide by managers and is best scheduled once per week to the IT management team.

Mail traffic trend

The mail traffic graph shows us the mail trends for the tenant over the last week, demonstrating overall performance and highlighting any outages or issues that can impact business performance and productivity. The key takeaways from this report are the areas where your business’s messaging systems were impacted and the time taken to rectify any messaging issues, measured against any SLAs or objectives.


Should managers wish to delve a little deeper, something like the inactive users report can be useful. The results of this report should be correlated with any Out of Office or other user types. This can also be a good indication of where licenses can be recycled.


Adoption metrics are always useful, but especially when rolling out a new technology. In a maturing tenant, we would expect to see steady adoption and usage week to week, as users and departments become familiar with applications. We can even compare and contrast as new technology supersedes a predecessor, as with Skype and Teams.

Adoption reporting will also lead us to where we should review licensing, and increase or trim down subscriptions. In our Office 365 reporting software, you can see user-level license usage, with granular detail. These reports enable you to better answer questions, such as: Is there space to use E3 instead of E5 for some users? How about Microsoft Project? Does all of the project team require it or just a few? This can bring much-needed revenue back into the department that can be better spent on more productive licenses.

Weekly security reports

Weekly security reports should be checked by the InfoSec Team, looking for any potential threat vectors that may have occurred. A good place to start is with mobile devices belonging to staff that still have credentials but have not logged in for a while. These devices (if lost or sold) can be broken into, and access can be gained to your corporate network. As part of best security practice, this should be fully reviewed against policy at least monthly and any inactive devices deregistered.

As we look further into the security of the tenant, we should turn to the audit logs to find out whether a user has gone rogue for any reason. Under a breach or potential breach, it is reasonable to expect that the InfoSec team will have put precautions in place for external threats, but what happens when an account is compromised? We can look for improbable travel, screening out false positives such as Shadow IT (mailbox hygiene, clean-up agents) and failover sites. When looking at the data, areas of concern should be scrutinized and possibly marked as accounts to watch, as they could become vectors for spear phishing attacks.
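The improbable-travel check described above can be sketched as follows. This is an added example, not code from the reporting tool or from Microsoft: the sign-in records are constructed, and the failover network range, the `MailboxCleanupAgent` client name and the speed and distance thresholds are assumptions to be replaced with your own values.

```python
import math
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample sign-ins: (user, UTC time, source IP, lat, lon, client)
SIGNINS = [
    ("alice@example.com", "2018-07-30T08:00:00", "198.51.100.10", 51.51, -0.13, "Outlook"),
    ("alice@example.com", "2018-07-30T09:30:00", "192.0.2.77", -33.87, 151.21, "Browser"),
    ("bob@example.com", "2018-07-30T08:00:00", "198.51.100.11", 51.51, -0.13, "Outlook"),
    ("bob@example.com", "2018-07-30T08:10:00", "203.0.113.5", 52.37, 4.90, "Outlook"),
    ("carol@example.com", "2018-07-30T09:00:00", "198.51.100.12", 51.51, -0.13, "Outlook"),
    ("carol@example.com", "2018-07-30T09:05:00", "192.0.2.200", 53.35, -6.26, "MailboxCleanupAgent"),
    ("carol@example.com", "2018-07-30T09:20:00", "198.51.100.12", 51.51, -0.13, "Outlook"),
]
FAILOVER_NETS = [ip_network("203.0.113.0/24")]  # assumed failover-site egress range
SERVICE_CLIENTS = {"MailboxCleanupAgent"}       # hypothetical clean-up agent name
MAX_KMH = 900   # assumed ceiling, roughly airliner cruising speed
MIN_KM = 50     # ignore small jumps caused by coarse IP geolocation

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def is_expected(ip, client):
    """True for sign-ins explained by a failover site or a service agent."""
    return client in SERVICE_CLIENTS or any(ip_address(ip) in n for n in FAILOVER_NETS)

def improbable_travel(signins, screen=True):
    """Return (user, time, km, km/h) for consecutive sign-ins no traveller could make."""
    alerts, last = [], {}
    for user, ts, ip, lat, lon, client in sorted(signins, key=lambda r: (r[0], r[1])):
        if screen and is_expected(ip, client):
            continue  # screened out before it can become either end of a pair
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            if km > MIN_KM and (hours <= 0 or km / hours > MAX_KMH):
                alerts.append((user, ts, round(km), round(km / hours) if hours > 0 else None))
        last[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in improbable_travel(SIGNINS):
        print(alert)
```

With screening on, only the London-to-Sydney pair is reported; passing `screen=False` shows how the failover site and the clean-up agent would otherwise add false positives for the other two accounts.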

Administrator Actions

Should your organization have multiple admins or external contractors with admin privileges, tracking their actions across the tenant is something that should be undertaken by management. These actions can be reported against any metrics for those contractors, or reviewed simply as good practice to eliminate mistakes and to check any action that could compromise system integrity.

SharePoint External sharing

External sharing and the permissions to do so should be reviewed each week with the mindset of “Does this user require it to function?”, not “they like it” or “they have always had it”. This matters especially as people move roles and change departments: does someone from marketing, for example, still require external sharing if they move to a more product- or client-facing role?


As a final note on weekly reports, it’s always worthwhile scheduling a report on DLP; in the smooth running of an organization, this report should be blank. It is worth noting that the filters must be configured and active within the tenant (if you don’t have this, you will see a pop-up). O365 comes with some pre-configured filters, but if there are any specific to your business, you should add these in the admin center of your tenant.

Now that we’ve covered the analytics that should be monitored weekly, our next post will take a look at the key reporting areas that should be reviewed on a monthly basis.