Microsoft Defender for Office 365: Using reports to assess effectiveness

Microsoft Defender for Office 365 includes a set of reports you can use to assess how well your protections are working, and this video shows where they live and what they’re good for. It starts on the Email and collaboration reports page, where each report card previews the data and lets you hover charts for exact values, then open View details for the full report. The walkthrough highlights the Threat protection status report—showing how many messages with malicious files or URLs were blocked by anti-malware, Zero-hour auto purge (ZAP), and Defender for Office 365 features—along with filtering options like date, detection type, protection, tags, and domains to isolate Defender for Office 365 signals (Safe Links, Safe Attachments, anti-phishing). It also calls out Priority accounts reporting, and spotlights the System override view as especially useful for understanding why malicious emails were delivered (safe senders, allowed IPs, and other overrides). Finally, it introduces the Mail flow status report, including the funnel view that shows how protection layers reduce delivered mail, and the Tech view for more granular categorization across threat protection stages.

We produced this as a clarity-first reporting tour—built to help security teams quickly turn “we have data” into “we have direction.” The flow is intentionally practical: we focus on the handful of report views that actually change decisions, keep the interface legible, and pace the narration around interpretation (what you’re looking at and why it matters), not just clicking. The result is a quick, repeatable walkthrough your team can use to spot trends, understand delivery exceptions, and tune policies with fewer guesswork laps. Final delivery includes closed captions, audio description, and thumbnails.