gm2025
Regular Visitor

Network Protection Audit

How do I use Power BI to generate a report that shows details of Network Protection in Audit mode?

 

Thank you!

9 REPLIES
v-saisrao-msft
Community Support

Hi @gm2025,

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If any of the responses has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.
Thank you.

 

The options provided did not provide the solution I was looking for, unfortunately. I had already followed the steps proposed. Again, I'm looking for a report that shows user data activity associated with the Network Protection feature being put in "Audit Mode". I know there is a KQL query but so far it is limited in its output.

Hi @gm2025,

 

May I ask if you have resolved this issue? If so, please mark the helpful reply and accept it as the solution. This will help other community members who have similar problems solve them faster.

 

Thank you.

Hi @gm2025,


I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If my response has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.


Thank you.

Hi @gm2025,

 

You can explore the following Microsoft Defender API documentation, which may help with retrieving Network Protection logs and integrating them with Power BI:

Microsoft Defender for Endpoint APIs connection to Power BI - Microsoft Defender for Endpoint | Micr...

Advanced Hunting API - Microsoft Defender for Endpoint | Microsoft Learn

 

If this post helps, then please give us ‘Kudos’ and consider accepting it as a solution to help the other members find it more quickly.

 

Thank you.

gm2025
Regular Visitor

Hi Akash,

I was hoping to connect to the system data source within Defender, but Power BI does not seem to have an API to this data source? I will try the manual way you suggested too 🙂

 

Thank you for your input and suggestions 🙂

rohit1991
Super User

Hi @gm2025 ,
To generate a Power BI report that shows details of Network Protection in Audit mode, you can start by collecting the relevant data from Microsoft Defender for Endpoint or Windows Security logs. If using Microsoft Defender for Endpoint, you can access Network Protection audit logs via Microsoft Defender Advanced Hunting in the Microsoft 365 Defender portal, using Kusto Query Language (KQL) to extract relevant events. 

Alternatively, if logs are stored in Event Viewer, specifically under Microsoft-Windows-Windows Defender/Operational, you can use a Power BI gateway to connect and import the logs. Once the data is in Power BI, you can create visualizations such as tables, bar charts, or line graphs to display details like timestamps, affected devices, IP addresses, and action outcomes. Applying filters and drill-through options can help analyze specific security events. If logs are stored in a centralized database or SIEM (e.g., Microsoft Sentinel), connecting Power BI to that source via direct query can provide real-time insights.
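
An Advanced Hunting query of the kind the answer above describes, given here as an added example that is not part of the original thread. It summarizes Network Protection audit-mode events across all onboarded devices by device, account, process and destination. The 30-day lookback and the `ResponseCategory` key read from `AdditionalFields` are assumptions to check against your own tenant's events.

```kusto
// Added example: Network Protection hits recorded in Audit mode, tenant-wide.
// Assumption: 30-day lookback window; adjust to the period the report covers.
DeviceEvents
| where Timestamp > ago(30d)
// Audit-mode events only; block-mode events use ExploitGuardNetworkProtectionBlocked.
| where ActionType == "ExploitGuardNetworkProtectionAudited"
// AdditionalFields is a JSON string; the key name below is an assumption to verify.
| extend Parsed = parse_json(AdditionalFields)
| extend ResponseCategory = tostring(Parsed.ResponseCategory)
// One row per device / account / process / destination, with counts and time range.
| summarize
    Hits = count(),
    FirstSeen = min(Timestamp),
    LastSeen = max(Timestamp)
    by DeviceName,
       Account = strcat(InitiatingProcessAccountDomain, "\\", InitiatingProcessAccountName),
       InitiatingProcessFileName,
       RemoteUrl,
       ResponseCategory
| order by Hits desc
```

The summarized result is small enough to export or pull through the Advanced Hunting API into Power BI, where `DeviceName`, `Account` and `RemoteUrl` work as slicer fields.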

Hi Rohit,

 

Yes, the logs are in MS Defender. I wanted to use Power BI to connect directly to that log source, but I don't see a connector for it in Power BI... Yes, I did use Advanced Hunting in Defender and I ran the KQL to view the relevant events... So I guess I will export the results and import into Power BI... I just thought there was a way to connect directly to the log source in Defender, but I don't see that option...? I need to see all the data on a global level not just my machine.

Akash_Varuna
Solution Sage

Hi @gm2025 
First collect audit logs from your network protection system (Microsoft Defender or other tools). Export the logs to a supported format like CSV, JSON, or connect directly to the system's data source.
Then build the report by importing the data into Power BI, create visuals such as bar charts, or slicers to display events, policies, or compliance details. Apply filters to focus on "Audit mode" entries.
If this post helped please do give a kudos and accept this as a solution
Thanks In Advance
