Enterprise Reporter 3.5

SharePoint Online Discovery Hotfixes Computer Discovery Publishing Reports to SQL Server Reporting Services (SSRS)

Performance Enhancements New Reports Updated Reports New Reporting Options New Discovery Options and Changes Enhanced Data Collection Other General Enhancements

Performance Enhancements

Active Directory Collector

When multiple domain controllers are specified for and Active Directory discovery, the workload is now spread among those domain controllers to improve performance.

Collection times have been greatly improved by changes made to how information is received once it is gathered during Active Directory discoveries.

New Reports

New Active Directory Reports

The following new Active Directory reports are added to the Report Library.

Table 1. New Active Directory Reports
Report name	Report description
Resultant Domain Kerberos Configuration	Shows the resultant Kerberos GPO configuration for selected domains. Includes a parameter to select the domains to be included in the report.

The following new Active Directory health check reports are added to the Report Library.


Report name	Report description
Health Check \| Active Directory
Active Directory Permissions - Dangerous permissions delegated	Shows all Active Directory permissions for the selected domains and Active Directory objects. These permissions can be used to attack Active Directory. For information about attack types, see https://attack.mitre.org/mitigations/M1015/
Active Directory Permissions - Domain Controller Owners	Shows all Active Directory permissions for the selected domains and Active Directory objects. The Domain Administrators group or the Enterprise Administrators group are set as owners for domain controllers. For details, see Privileged Account Management at https://attack.mitre.org/mitigations/M1026/
Active Directory Permissions for Account (Everyone)	Shows the Active Directory permissions for an account, including permissions derived through group membership. (Excluding Deny Permissions and Change Password permissions).
AdminSDHolder Permissions	Shows all Active Directory permissions for the selected domains and Active Directory objects. For more information see Protected Accounts and Groups in Active Directory at https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-c--protected-accounts-and-groups-in-active-directory and Active Directory Configuration at https://attack.mitre.org/mitigations/M1015/
Domain Accounts (Users and Groups) with SID History Attribute not empty	Shows all the domain accounts for the selected domains which can leave accounts open to Access Token Manipulation: SID-History Injection attacks. Adversaries can use SID-History Injection to escalate privileges and bypass access controls. For details, see https://attack.mitre.org/techniques/T1134/005/
Domain Groups and Members (Pre-Windows 2000 Compatible Access)	Shows the group memberships for the selected domains and groups. If you include nested groups, the membership of the groups is displayed. For details, see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/7a76a403-ed8d-4c39-adb7-a3255cab82c5?redirectedfrom=MSDN and Exploitation of Remote Services https://attack.mitre.org/techniques/T1210/
Health Check \| Computer
Computer Services on Domain Controllers (Print Spooler)	Shows information about the services for the selected computers. (Enterprise Reporter Windows Server License must be available). More details at https://adsecurity.org/?p=4056
Domain Computers Having Constrained Delegation	Shows domain computers for selected domains that have constrained delegation.
Domain Computers Having SID History	Shows domain computers for selected domains that have some value specified in SID History attribute.
Domain Computers Having Unconstrained Delegation	Shows domain computers for selected domains having unconstrained delegation.
Domain Computers whose sAMAccountName Does Not End In a Dollar Sigh	Shows domain computers for selected domains whose sAMAccountName does not end in a Dollar Sign.
Health Check \| Group
Privileged Domain Groups and Members	Shows the group memberships for the selected domains and groups. These privileged groups should have as few members as possible. DNSAdmins should have no members. If you include nested groups, the membership of the groups is displayed. For details, see Privileged Account Management https://attack.mitre.org/mitigations/M1026/
SID History Auditing Group available in Domain (Migration in Progress)	Shows if a SID History auditing group has been created in the domain.
Health Check \| User
Active Directory Permissions - Delegations for Accounts that cannot be resolved	Shows all active directory permissions for the selected domains and active directory objects. These permissions can be used for attacks. For details, see Active Directory Configuration https://attack.mitre.org/mitigations/M1015/
Built-in AD Administrator Account Usage	Shows native Administrator account in selected domains who have logged in selected timeframe.
Domain User Accounts that are Sensitive and Cannot be Delegated	Shows all domain user accounts for selected domains that cannot be delegated.
Domain Users who do not require a password	Shows all domain users for selected domains who do not require a password.
Domain Users who do not require Kerberos Pre-Authentication	Shows all domain users for selected domains where the account is configured with the "Do not require Kerberos pre-authentication" option. Kerberos pre-authentication is a security feature which offers protection against password-guessing attacks. When you do not enforce pre-authentication, a malicious attacker can directly send a dummy request for authentication.
Domain Users with weak DES encryption enabled	Shows all domain users for selected domains that have weak DES encryption enabled. DES is considered weak cryptography and is no longer enabled by default in Kerberos authentication.
Golden Ticket Mitigation - Last Password Change for krbtgt account	Shows user password information for the krbtgt account. Attackers who have the krbtgt account password hash can forge Kerberos ticket-granting tickets (TGT), also known as a golden ticket. Golden tickets enable adversaries to generate authentication material for any account in Active Directory.
Privileged Accounts that are Sensitive and Cannot be Delegated	Shows all privileged accounts for selected domains that are configured with the "Account is sensitive and cannot be delegated" option.
Privileged Accounts that have Not Logged In	Shows privileged accounts in selected domains having unchanged passwords and have not logged in.
Privileged Accounts Vulnerable to the Kerberoast Attack	Shows all privileged user accounts that are vulnerable to the Kerberoast attack. Kerberoasting is an attack technique that attempts to crack the password of a service account within the Active Directory.
Privileged Accounts with Unchanged Passwords that Logged In	Shows privileged accounts in selected domains having unchanged passwords and have logged in.
User Account(s) that have Constrained Delegation	Shows all the domain users for the selected domains that have TRUSTED_FOR_AUTH_DELEGATION enabled. For details, see https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
User Account(s) that have Unconstrained Delegation	Shows all the domain users for the selected domains that have TRUSTED_FOR_DELEGATION enabled. For details, see https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties

New Azure Active Directory Reports

The following new Azure Active Directory reports have been added to the Report Library.

Table 2. New Azure Active Directory Reports
Report name	Report description
Azure Active Directory Deleted Users	Shows deleted users for the selected tenants. Contains a parameter to select the tenants to be included in the report.
Azure Managers with Direct Reports	Shows all the direct reports for the selected managers. Contains parameters to select the tenants and Azure managers to be included in the report.

New Computer Reports

The following new Computer reports have been added to the Report Library.

Table 3. New Computer Reports
Report name	Report description
Scheduled Tasks	Shows the scheduled tasks for the selected computers. Contains parameters to select the domains, computers, and locations to be included in the report.
Server Features	Shows all the Windows Server Features for the selected computers.

New Office 365 Reports

The following new Office 365 reports have been added to the Report Library.

Table 4. New Office 365 Reports
Report name	Report description
Microsoft Dysfunctional Teams	Shows Microsoft Teams with No Owners or Less Than Two Members. Contains parameters to select the tenants and teams to be included in the report.
Microsoft Teams Application Permission Policies	Shows the Microsoft Teams Application Permission Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.
Microsoft Teams Calling Policies	Shows the Microsoft Teams Calling Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.
Microsoft Teams Meeting Policies	Shows the Microsoft Teams Meeting Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.
Microsoft Teams Messaging Policies	Shows the Microsoft Teams Messaging Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.
Microsoft Teams Organization Settings	Shows the Microsoft Teams Organization Settings for the selected tenants. Contains a parameter to select the tenant to be included in the report.
Microsoft Teams Tabs	Shows the Microsoft Teams tabs for the selected channels, teams, and tenants. Contains parameters to select tenants, teams, channels, and tabs to be included in the report.
Microsoft Teams Team and Channel Policies	Shows the Microsoft Teams Team and Channel Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.
Microsoft Teams User Policies	Shows some Microsoft Teams User Policies for the selected users. Contains parameters to select the tenants and users to be included in the report.
SharePoint Online Access Control Settings	Shows the access control settings for the selected tenants. Contains a parameter to select the tenants to be included in the report.
SharePoint Online Configuration Settings	Shows the configuration settings for the selected tenants. Contains a parameter to select the tenants to be included in the report.
SharePoint Online Office 365 Group Sites	Shows all Office 365 group sites for the selected SharePoint Online Tenants. Contains parameters to select the tenants and sites to be included in the report.
SharePoint Online Permissions for Identity	Shows the SharePoint Online permissions for the selected identity in the selected tenants and sites. Contains parameters to select the identity, tenants, sites, and roles to be included in the report.
SharePoint Online Sharing Policies	Shows the sharing policies for the selected tenants. Contains parameters to select the tenants to be included in the report.
SharePoint Online Site Administrators	Shows all site administrators for the selected SharePoint Online Tenants and sites. Contains parameters to select the tenants, site collections, and sites to be included in the report.
SharePoint Online Site Group Information with Members	Shows all site groups and their members for the selected SharePoint Online Tenants and sites. Contains parameters to select the tenants, site collections, sites, and site groups to be included in the report.
SharePoint Online Site Sharing	Shows the sharing settings for the selected tenants and sites. Contains parameters to select the tenants, site collections, and sites to be included in the report.
SharePoint Online Site Permissions	Shows the site permissions for the selected tenants and sites. Contains parameters to select the tenants, site collections, sites, and roles to be included in the report.
SharePoint Online Sites without an Office 365 Group	Shows all sites without an Office 365 group for the selected tenants. The report will not include subsites for the sites. Contains parameters to select the tenants, site collections, and sites to be included in the report.
SharePoint Online Summary	Shows a summary of SharePoint Online for the selected Office 365 tenants. Contains a parameter to select the tenants to be included in the report.

New Security Explorer Remediation Reports

The following new Security Explorer Remediation reports have been added to the Report Library.

Table 5. New Security Explorer Remediation Reports
Report name	Report description
Group Managed Service Accounts and Members with Actions	Shows all the managed service accounts and their members for the selected domains. Contains parameters to select the domains, organizational units, and managed service accounts to be included in the report.
Managed Service Accounts and Members with Actions	Shows all the managed service accounts and their members for the selected domains. If you choose to include nested groups, membership of the group members is displayed. Contains parameters to select the domains, organizational units, and group managed accounts to be included in the report.

New Report Types

The following new report types have been added to the Report Library.

Table 6. New Report Types
Category	Report Type	Report Type description
Microsoft Teams	Teams Organization Settings	Provides information on Microsoft Teams organization-wide settings. Contains fields for Teams Client, External Access, Guest Calling, Guest Meeting, and Guest Messaging settings.
Microsoft Teams \| Policies	Teams App Permission Policies	Provides information on Microsoft Teams App Permission Policies. Contains fields for Teams Tenant and Teams App Permission Policies.
Microsoft Teams \| Policies	Teams Calling Policies	Provides information on Microsoft Teams Calling Policies. Contains fields for Teams Tenant and Teams Calling Policies.
Microsoft Teams \| Policies	Teams Meeting Policies	Provides information on Microsoft Teams Meeting Policies. Contains fields for Teams Tenant and Teams Meeting Policies.
Microsoft Teams \| Policies	Teams Messaging Policies	Provides information on Microsoft Teams Messaging Policies. Contains fields for Teams Tenant and Teams Messaging Policies.
Microsoft Teams \| Policies	Teams Team and Channel Policies	Provides information on Microsoft Team s Team and Channel Policies. Contains fields for Teams Tenant and Teams Team and Channel Policies.
Microsoft Teams \| Policies	Teams User Policies	Provides information on Microsoft Teams User Policies. Contains fields for Teams Tenant, Teams User Identity, Teams Team and Channel Policies.
Microsoft Teams	Teams Tab	Provides information on Microsoft Teams Tab. Contains fields for Teams Tenant, Teams Identity, Teams Channel, and Teams Tab.
SharePoint Online	SharePoint Online Configuration Settings	Provides information on SharePoint Online configuration settings. Contains fields for SharePoint Online Tenant and SharePoint Online Configuration Setting.
SharePoint Online	SharePoint Online Site Groups	Provides information on SharePoint Online site groups. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, SharePoint Online Site, and SharePoint Online Group.
SharePoint Online	SharePoint Online Policies	Provides information on SharePoint Online Policies. Contains fields for SharePoint Online Tenant and SharePoint Online Policy.
SharePoint Online	SharePoint Online Settings and Policies.	Provides information on SharePoint Online Settings and Policies. Contains fields for SharePoint Online Tenant, SharePoint Online Configuration Settings, and SharePoint Online Tenant Policy.
SharePoint Online	SharePoint Online Site Group Members	Provides information on SharePoint Online site group members. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, SharePoint Online Site, SharePoint Online Site Group, and SharePoint Online Site Group Member.
SharePoint Online	SharePoint Online Site Permissions	Provides information on SharePoint Online site permissions. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, SharePoint Online Site, SharePoint Online Role Assignment Set, SharePoint Online Role Assignment, SharePoint Online Permission, and Azure Identity.
SharePoint Online	SharePoint Online Site Users and Azure Group Members	Contains fields for the site and its related Azure Groups as well as the member accounts. Contains fields for the site user information at includes if the user is site administrator or if the user is primary admin. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, SharePoint Online Site, SharePoint Online Site User, Azure Identity, Azure Group, and Azure Group member.
SharePoint Online	SharePoint Online Sites	Provides information on SharePoint Online sites. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, and SharePoint Online Site.

Updated Reports

Updated Azure Resource Reports

The following Azure Resource reports have been updated in the Report Library.

Table 7. New Azure Resource Reports
Category	Report name	Updates
Azure Virtual Network Resource	Azure Virtual Network Information	New field showing whether the virtual machine protection flag has changed or not.