[reports://<specify_name>]
host = <host-name>, Default is current system hostname
repo =  <repository-name>
source = <source-as-per-table> Check Source & Sourcetype Mapping Table Below
sourcetype = <sourcetype-as-per-table> Check Source & Sourcetype Mapping Table Below
period = <int> (the number of days over which the report is aggregated.)
            (Default 7, Supported values: 30, 90, 180)
frequency = <seconds>
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

[service://<specify_name>]
host = <host-name>, Default is current system hostname
repo =  <repository-name>
source = issues | messages
sourcetype = dataelicit/m365:m365-service
tenant = <entra-app-tenant-name>
frequency = <seconds>
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

[audit://<specify_name>]
host = <host-name>, Default is current system hostname
repo =  <repository-name>
source = AuditLogs.SignIns
sourcetype = dataelicit/m365:m365-audit-logs
tenant = <entra-app-tenant-name>
frequency = <seconds> 
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

[msgtrace://<specify_name>]
host = <host-name>, Default is current system hostname
repo =  <repository-name>
source = Message_Trace
sourcetype = dataelicit/m365:m365-message-trace
startDate = <YYYY-MM-DDTHH:MM:SS> (Default 7 days ago)
tenant = <entra-app-tenant-name>
frequency = <seconds> 
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

[management://<specify_name>]
host = <host-name>, Default is current system hostname
repo =  <repository-name>
source = Audit.AzureActiveDirectory | Audit.Exchange |
            Audit.SharePoint | Audit.General |
            DLP.All
sourcetype = dataelicit/m365:m365-management-activity
startDate = <YYYY-MM-DDTHH:MM:SS> (Must be in the last 7 days, Default 7 days ago)
tenant = <entra-app-tenant-name>
frequency = <seconds> 
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

[cas://<specify_name>]
host = <host-name>, Default is current system hostname
repo =  <repository-name>
source = Cloud.Discovery | policies | entities | alerts | files
sourcetype = dataelicit/m365:m365-cloud-application-security
tenant = <entra-app-tenant-name>
frequency = <seconds> 
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

[reports://mailboxusage]
source = MailboxUsageDetail
sourcetype = dataelicit/m365:m365-mailbox
period = 30
frequency = 300
secret = m365creds
global = app365

[reports://mailboxcounts]
source = MailboxUsageMailboxCounts
sourcetype = dataelicit/m365:m365-mailbox
period = 30
cron = 0 0 1 * *
secret = m365creds
global = app365

[reports://groupsactivity]
source = Office365GroupsActivityDetail
sourcetype = dataelicit/m365:m365-office365
period = 30
frequency = 300
secret = m365creds
global = app365

[reports://usercounts]
source = Office365ServicesUserCounts
sourcetype = dataelicit/m365:m365-office365
period = 30
cron = 0 0 1 * *
secret = m365creds
global = app365

[reports://onedrive_usercounts]
source = OneDriveActivityUserCounts
sourcetype = dataelicit/m365:m365-onedrive
period = 30
frequency = 300
secret = m365creds
global = app365

[reports://onedrive_account]
source = OneDriveUsageAccountDetail
sourcetype = dataelicit/m365:m365-onedrive
period = 30
cron = 0 0 1 * *
secret = m365creds
global = app365

[reports://onedrive_storage]
source = OneDriveUsageStorage
sourcetype = dataelicit/m365:m365-onedrive
period = 30
frequency = 300
secret = m365creds
global = app365

[reports://sharepoint_usage]
source = SharePointSiteUsageDetail
sourcetype = dataelicit/m365:m365-sharepoint
period = 30
cron = 0 0 1 * *
secret = m365creds
global = app365

[reports://sharepoint_filecount]
source = SharePointSiteUsageFileCounts
sourcetype = dataelicit/m365:m365-sharepoint
period = 30
frequency = 300
secret = m365creds
global = app365

[reports://teams_user_count]
source = TeamsUserActivityCounts
sourcetype = dataelicit/m365:m365-teams
period = 30
cron = 0 0 1 * *
secret = m365creds
global = app365

[reports://teams_user_detail]
source = TeamsUserActivityUserDetail
sourcetype = dataelicit/m365:m365-teams
period = 30
frequency = 300
secret = m365creds
global = app365

[reports://yammer_activity]
source = YammerGroupsActivityDetail
sourcetype = dataelicit/m365:m365-yammer
period = 30
cron = 0 0 1 * *
secret = m365creds
global = app365

[reports://yammer_group_counts]
source = YammerGroupsActivityGroupCounts
sourcetype = dataelicit/m365:m365-yammer
period = 30
frequency = 300
secret = m365creds
global = app365

[service://service_msg]
source = messages
sourcetype = dataelicit/m365:m365-service
frequency = 300
secret = m365creds
global = app365

[service://service_issues]
source = issues
sourcetype = dataelicit/m365:m365-service
frequency = 300
secret = m365creds
global = app365

[audit://audit_signins]
source = AuditLogs.SignIns
sourcetype = dataelicit/m365:m365-audit-logs
frequency = 300
secret = m365creds
global = app365

[msgtrace://message_trace]
source = Message_Trace
sourcetype = dataelicit/m365:m365-message-trace
frequency = 300
secret = m365creds
global = app365

[management://audit_azureAD]
source = Audit.AzureActiveDirectory
sourcetype = dataelicit/m365:m365-management-activity
frequency = 300
secret = m365creds
global = app365

[management://azure_exchange]
source = Audit.Exchange
sourcetype = dataelicit/m365:m365-management-activity
frequency = 300
secret = m365creds
global = app365

[management://azure_sharepoint]
source = Audit.SharePoint
sourcetype = dataelicit/m365:m365-management-activity
frequency = 300
secret = m365creds
global = app365

[management://audit_general]
source = Audit.General
sourcetype = dataelicit/m365:m365-management-activity
frequency = 300
secret = m365creds
global = app365

[management://dlp_all]
source = DLP.All
sourcetype = dataelicit/m365:m365-management-activity
frequency = 300
secret = m365creds
global = app365

[cas://cas_policies]
source = policies
sourcetype = dataelicit/m365:m365-cloud-application-security
frequency = 300
secret = m365creds
global = app365

[cas://cas_alerts]
source = alerts
sourcetype = dataelicit/m365:m365-cloud-application-security
frequency = 300
secret = m365creds
global = app365

[cas://cas_entities]
source = entities
sourcetype = dataelicit/m365:m365-cloud-application-security
frequency = 300
secret = m365creds
global = app365

[cas://cas_files]
source = files
sourcetype = dataelicit/m365:m365-cloud-application-security
frequency = 300
secret = m365creds
global = app365

[cas://cloud_discovery]
source = Cloud.Discovery
sourcetype = dataelicit/m365:m365-cloud-application-security
frequency = 300
secret = m365creds
global = app365