View a list and description of system reports

Microsoft Entra Permissions Management has various types of system reports that capture specific sets of data. These reports allow management, auditors, and administrators to:

  • Make timely decisions.
  • Analyze trends and system/user performance.
  • Identify trends in data and high risk areas so that management can address issues more quickly and improve their efficiency.

This article provides you with a list and description of the system reports available in Permissions Management. Depending on the report, you can download it in comma-separated values (CSV) format, portable document format (PDF), or Microsoft Excel Open XML Spreadsheet (XLSX) format.

Download a system report

  1. In the Permissions Management home page, select the Reports tab, and then select the Systems Reports subtab.

  2. In the Report Name column, find the report you want, and then select the down arrow to the right of the report name to download the report.

    Or, from the ellipses (...) menu, select Download.

    The following message displays: Successfully Started To Generate On Demand Report.

Summary of available system reports

Report name Type of the report File format Description Availability Collated report?
Access Key Entitlements and Usage Report Summary

Detailed
CSV This report displays:

- Access key age, last rotation date, and last usage date availability in the summary report. Use this report to decide when to rotate access keys.

- Granted task and Permissions creep index (PCI) score. This report provides supporting information when you want to take the action on the keys.
AWS

Azure

GCP
Yes
All Permissions for Identity Summary CSV This report lists all the assigned permissions for the selected identities. AWS

Azure

GCP
N/A
Group Entitlements and Usage Summary CSV This report tracks all group level entitlements and the permission assignment, PCI. The number of members is also listed as part of this report. AWS

Azure

GCP
Yes
Identity Permissions Summary CSV This report tracks any, or specific, task usage per User, Group, Role, or App. AWS

Azure

GCP
N/A
AWS Role Policy Audit Detailed CSV This report gives the list of AWS roles, which can be assumed by User, Group, resource or AWS Role. AWS N/A
Cross Account Access Details Detailed CSV This report helps track User, Group from other AWS accounts have cross account access to the specified AWS account. AWS N/A
PCI History Summary CSV This report helps track Monthly PCI History for each authorized system. It can be used to plot the trend of the PCI. AWS

Azure

GCP
Yes
Permissions Analytics Report (PAR) Detailed XSLX, PDF This report lists the different key findings in the selected authorized systems. The key findings include Super identities, Inactive identities, Over-provisioned active identities, Storage bucket hygiene, Access key age (AWS), and so on.

This report helps administrators to visualize the findings across the organization and make decisions.
AWS

Azure

GCP
Yes for XSLX
Role/Policy Details Summary CSV This report captures Assigned/Unassigned and Custom/system policy with used/unused condition for specific or all AWS accounts.

Similar data can be captured for Azure and GCP for assigned and unassigned roles.
AWS

Azure

GCP
No
User Entitlements and Usage Detailed

Summary

Permissions

CSV Summary This report provides the summary view of all the identities with Permissions Creep Index (PCI), granted and executed tasks per Azure subscription, AWS account, GCP project.

Detailed This report provides a detailed view of Azure role assignments, GCP role assignments and AWS policy assignment along with Permissions Creep Index (PCI), tasks used by each identity.

Permissions This report provides the list of role assignments for Azure, GCP and policy assignments in AWS per identity.
AWS

Azure

GCP
Yes

Next steps