Metrics Library | Liongard

Boards

Feature Requests

Metrics Library

This is a community-led space where Liongard users can come to teach and learn from one another. Share custom Metrics, get inspired and see what’s trending in the Pride.

M365: AAD App Secrets Expiring within 30 days

Looks for applications with expiring/expired secrets (within 30 days), then outputs the Application name, and the secrets associated that are expiring/expired. Applications[?passwordCredentials[?time_until(endDateTime, days ) < 30 ].endDateTime].['Application Name: 'displayName, 'Secret Name: 'passwordCredentials[?time_until(endDateTime, days ) < 30 ].displayName]

submitted

Microsoft 365: Licensing Data Set

Microsoft 365 Licensing Metric designed for Power BI consumption. Licensing[].{ProductFriendlyName: ProductFriendlyName, Consumed: consumedUnits, Unconsumed: UnconsumedUnits_r, Suspended: prepaidUnits.suspended}

submitted

Microsoft 365: Intune Device Info (VI)

Intune Device Info metric to use in Visual Insights Devices[].{ DeviceName: displayName, OS: operatingSystem, OSVersion: operatingSystemVersion, Manufacturer: manufacturer, Model: model, Managed: isManaged, Compliant: isCompliant, ComplianceState: complianceState_r, ManagementType: managementType, Ownership: deviceOwnership, EnrolledVia: enrollmentType, IntuneRegistered: intuneRegistered_r, LastSignIn: approximateLastSignInDateTime, RegisteredDate: registrationDateTime }

Microsoft 365: List of Users Without MFA Registered(VI)

List of users Without MFA Register, metric to use in Visual Insights Users[?isMfaRegistered_r!='Enabled'].{Name:displayName,Email:mail}

Microsoft 365: Sharepoint Sites with Drive name and total size

The resulting example in the screenshot drives[? ( quota.total != null)].[{"Drive Name": name, "GB Total": quota.total , "Site Name": siteName_r}]

submitted

Microsoft 365: Teams Phone with Calling Plan License Count

sku: "MCOTEAMS_ESSENTIALS", Product Friendly Name: "Teams Phone with Calling Plan" Consumed Licenses Licensing[?skuPartNumber=='MCOTEAMS_ESSENTIALS'].consumedUnits | sum(@)

Microsoft 365: Microsoft Defender for Office 365 (Plan 1) License Count

sku: "ATP_ENTERPRISE", Product Friendly Name: "Microsoft Defender for Office 365 (Plan 1) Consumed Licenses Licensing[?skuPartNumber=='ATP_ENTERPRISE'].consumedUnits | sum(@)

Microsoft 365: Microsoft Entra ID P1 license Count

Sku: AAD_Premium / Product Friendly Name: Microsoft Entra ID P1 / Consumed License Licensing[?skuPartNumber=='AAD_PREMIUM'].consumedUnits | sum(@)

Office 365: Administrator Users

This is helpful to someone who's trying to obtain/maintain visibility into the admin users in an organization's M365 instance. This is a good Metric for QBRs, recurring site reviews, and an onboarding report. Also, this Metric could be used to build a user audit with the intention of an end customer confirming that all looks as expected. This Metric can also be used to create a pointed Actionable Alert that helps to maintain visibility into changes to this list. Roles[? contains(displayName, dmin ) && displayName != Company Administrator && Members[] != null && Members[] != [] ].join( , [join( , [ , to_string(displayName)]), join( , [ : , to_string(Members[].displayName)])])

submitted

M365: Admin Users with MFA Enabled List

This is helpful to someone who's trying to obtain/maintain visibility into the non-admin users in an organization's M365 instance. This is a good Metric for QBRs, recurring site reviews, and an onboarding report. Also, this Metric could be used to build a user audit with the intention of an end customer confirming that all looks as expected. This Metric can also be used to create a pointed Actionable Alert that helps to maintain visibility into changes to the list of Admin users with MFA disabled. Users[? Privileged == Yes && isMfaRegistered_r == Enabled ].displayName

submitted

→