This article lists the currently supported Azure Active Directory reports with all of the properties that SysKit Trace loads.

Azure Active Directory

Reports

Applications

| Name | Description |
| --- | --- |
| Name | Name of the app. |
| Available To Other Tenants | Indicates whether this application is available in other tenants. |
| Group Membership Claims | A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. The bitmask values are: 0: None, 1: Security groups and Azure AD roles, 2: Reserved, and 4: Reserved. Setting the bitmask to 7 will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of. |
| Homepage | The URL to the application's homepage. |
| Identifier Uris | User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain. |
| Known Client Applications | Client applications that are tied to this resource application. |
| Logout URL | The logout URL for this application. |
| Oauth 2 Allow Implicit Flow | Specifies whether this web application can request OAuth 2.0 implicit flow tokens. The default is false. |
| Oauth 2 Allow Url Path Matching | Specifies whether, as part of OAuth 2.0 token requests, Azure AD will allow path matching of the redirect URI against the application's replyUrls. The default is false. |
| Oauth 2 Require Post Response | Set this to true if an OAuth 2.0 post response is required. |
| Public Client | Specifies whether this application is a public client (such as an installed application running on a mobile device). The default is false. |
| Reply URLs | Specifies the URLs that user tokens are sent to for sign-in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. |
| Saml Metadata Url | The URL to the SAML metadata for the application. |

Group Lifecycle Policy

| Name | Description |
| --- | --- |
| Group Lifetime In Days | The number of days a group can exist before it needs to be renewed. |
| Managed Group Types | This property allows the admin to select which Office 365 groups the policy will apply to. 'None' will create the policy in a disabled state. 'All' will apply the policy to every Office 365 group in the tenant. 'Selected' will allow the admin to choose specific Office 365 groups that the policy will apply to. |
| Alternate Notification Emails | Notification emails for groups that have no owners will be sent to these email addresses. |

Group Naming Policy

| Name | Description |
| --- | --- |
| Prefix Suffix Naming Requirement | Prefixes and suffixes to add to the group name. |
| Custom Blocked Words List | Comma-delimited list of words that should be blocked from being included in groups' names. |

Group Settings

| Name | Description |
| --- | --- |
| Enable Group Creation | The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license. |
| Allow Guests To Be Group Owner | Boolean indicating whether or not a guest user can be an owner of groups. |
| Allow Guests To Access Groups | Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license. |
| Guest Usage Guidelines Url | The URL of a link to the guest usage guidelines. |
| Group Creation Allowed Group Name | Name of the security group whose members are allowed to create Office 365 groups even when 'Enable Group Creation' == false. |
| Allow To Add Guests | Boolean indicating whether or not it is allowed to add guests to this directory. |
| Usage Guidelines Url | A link to the Group Usage Guidelines. |

Groups

| Name | Description |
| --- | --- |
| Display Name | DisplayName of the AADMS Group. |
| Mail Nickname | Specifies a mail nickname for the group. If 'Mail Enabled' is False you must still specify a mail nickname. |
| Description | Specifies a description for the group. |
| Group Types | Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership. |
| Visibility | This property determines the visibility of the group's content and members list. |
| Membership Rule | Specifies the membership rule for a dynamic group. |
| Security Enabled | Specifies whether the group is security enabled. For security groups, this value must be True. |
| Mail Enabled | Specifies whether this group is mail enabled. Currently, you cannot create mail-enabled groups in Azure AD. |
| Is Assignable To Role | Specifies whether this group can be assigned a role. Only available when creating a group and can't be modified after the group is created. |

Policies

| Name | Description |
| --- | --- |
| Name | DisplayName of the Policy. |
| Alternative Identifier | AlternativeIdentifier of the Policy. |
| Definition | Definition of the Policy. |
| Is Organization Default | IsOrganizationDefault of the Policy. |
| Type | Type of the Policy. |

Role Definitions

| Name | Description |
| --- | --- |
| Name | Specifies a display name for the role definition. |
| Description | Specifies a description for the role definition. |
| Resource Scopes | Specifies the resource scopes for the role definition. |
| Is Enabled | Specifies whether the role definition is enabled. |
| Role Permissions | Specifies permissions for the role definition. |
| Template Id | Specifies template id for the role definition. |
| Version | Specifies version for the role definition. |

Service Principals

| Name | Description |
| --- | --- |
| Name | Display name of the AAD service principal. |
| Application ID | The unique identifier for the associated application. |
| Object ID | The 'Object ID' of the AAD service principal. |
| Alternative Names | The alternative names for this service principal. |
| Account Enabled | True if the service principal account is enabled; otherwise, false. |
| App Role Assignment Required | Indicates whether an application role assignment is required. |
| Error Url | Specifies the error URL of the AAD service principal. |
| Homepage | Specifies the homepage of the AAD service principal. |
| Logout Url | Specifies the 'Logout Url' of the AAD service principal. |
| Publisher Name | Specifies the 'Publisher Name' of the AAD service principal. |
| Reply Urls | The URLs that user tokens are sent to for sign-in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. |
| Saml Metadata Url | The URL for the SAML metadata of the AAD service principal. |
| Service Principal Names | Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal. |
| Service Principal Type | The type of the service principal. |
| Tags | Tags linked to this service principal. Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}. |

Tenant Details

| Name | Description |
| --- | --- |
| Marketing Notification Emails | Email addresses of the people who should receive Marketing Notifications. |
| Security Compliance Notification Mails | Email addresses of the people who should receive Security Compliance Notifications. |
| Security Compliance Notification Phones | Phone numbers of the people who should receive Security Notifications. |
| Technical Notification Mails | Email addresses of the people who should receive Technical Notifications. |

Conditional Access ⯈ Conditional Access Policies

| Name | Description |
| --- | --- |
| Name | DisplayName of the AAD CA Policy. |
| State | Specifies the 'State' of the Policy. |
| Included Users | Users in scope of the Policy. |
| Excluded Users | Users out of scope of the Policy. |
| Included Groups | Groups in scope of the Policy. |
| Excluded Groups | Groups out of scope of the Policy. |
| Included Applications | Cloud Apps in scope of the Policy. |
| Excluded Applications | Cloud Apps out of scope of the Policy. |
| Included User Actions | User Actions in scope of the Policy. |
| Included Roles | AAD Admin Roles in scope of the Policy. |
| Excluded Roles | AAD Admin Roles out of scope of the Policy. |
| Included Platforms | Client Device Platforms in scope of the Policy. |
| Excluded Platforms | Client Device Platforms out of scope of the Policy. |
| Included Locations | AAD Named Locations in scope of the Policy. |
| Excluded Locations | AAD Named Locations out of scope of the Policy. |
| Included Device States | Client Device Compliance states in scope of the Policy. |
| Excluded Device States | Client Device Compliance states out of scope of the Policy. |
| User Risk Levels | AAD Identity Protection User Risk Levels in scope of the Policy. |
| Sign In Risk Levels | AAD Identity Protection Sign-in Risk Levels in scope of the Policy. |
| Client App Types | Client App types in scope of the Policy. |
| Grant Control Operator | Operator to be used for Grant Controls. |
| Built In Controls | List of built-in Grant Controls to be applied by the Policy. |
| Application Enforced Restrictions Is Enabled | Specifies whether Application Enforced Restrictions are enabled in the Policy. |
| Cloud App Security Is Enabled | Specifies whether Cloud App Security is enforced by the Policy. |
| Cloud App Security Type | Specifies what Cloud App Security control is enforced by the Policy. |
| Sign In Frequency Value | Sign-in frequency time in the given unit to be enforced by the Policy. |
| Sign In Frequency Type | Sign-in frequency unit (days/hours) to be interpreted by the Policy. |
| Sign In Frequency Is Enabled | Specifies whether sign-in frequency is enforced by the Policy. |
| Persistent Browser Is Enabled | Specifies whether Browser Persistence is controlled by the Policy. |
| Persistent Browser Mode | Specifies what Browser Persistence control is enforced by the Policy. |

Conditional Access ⯈ Named Locations

| Name | Description |
| --- | --- |
| Name | Specifies the Display Name of a Named Location policy in Azure Active Directory. |
| Ip Ranges | Specifies the IP ranges of the Named Location policy in Azure Active Directory. |
| Is Trusted | Specifies the isTrusted value for the Named Location policy in Azure Active Directory. |
| Countries And Regions | Specifies the countries and regions for the Named Location policy in Azure Active Directory. |
| Include Unknown Countries And Regions | Specifies the includeUnknownCountriesAndRegions value for the Named Location policy in Azure Active Directory. |
| Odata Type | Specifies the Odata Type of a Named Location policy object in Azure Active Directory. |