XIA Configuration Server

Entra ID Tenant and Conditional Access Reporting Tool

XIA Configuration delivers automated, comprehensive reporting for Microsoft Entra ID, giving administrators and MSPs instant visibility across single or multi-tenant environments. Eliminate manual audits and custom scripts to quickly generate actionable insights into your security posture, Conditional Access policies, directory roles, application permissions, and tenant configurations.

The Entra directory icon.

Entra ID and Conditional Access Reports

XIA Configuration Server's powerful reporting engine includes the following built-in reports for Entra ID tenants and Conditional Access Reports:

Built-In Entra Organization Reports

Gain a high-level view of your tenant's identity perimeter and baseline settings. These automated reports allow you to audit security configurations, verify organizational branding across localized regions, and track licensing usage across single or multi-tenant environments.

  • Entra Organizations Summary
  • Entra Organization Security Defaults Summary
  • Entra Organization Licenses Summary
  • Entra Licenses Summary
  • Entra Organization Effective License Summary
  • Entra Branding Summary
  • Entra Branding Detailed Summary
  • Entra Branding Localizations Summary

Built-In Entra Application Reports

Unmanaged application registrations and expired credentials are major vectors for security breaches and unexpected service downtime. These reports provide full visibility into your application perimeter, allowing you to audit API permissions, track redirect URIs, and proactively identify expiring secrets or certificates before they impact production.

  • Entra App Registrations Summary
  • Entra App Registrations Detailed Summary
  • Entra App Redirect URIs Summary
  • Entra App Optional Claims Summary
  • Entra App API Permissions Summary
  • Entra App Client Secrets Summary
  • Entra App Certificates Summary
  • Entra App Expiring Credentials Summary
  • Entra App Expired Credentials Summary
  • Entra App Publisher Verification Summary

Built-In Entra Cloud Sync Reports

Managing a hybrid identity infrastructure requires absolute consistency between your on-premises directories and the cloud. These reports give you complete visibility into your cloud synchronization topology, making it simple to track configuration status, audit complex attribute and object mappings, and monitor active sync agents.

  • Entra Cloud Sync Summary
  • Entra Cloud Sync Configurations Summary
  • Entra Cloud Sync Configurations Detailed Summary
  • Entra Cloud Sync Attribute Mappings Summary
  • Entra Cloud Sync Object Mappings Summary
  • Entra Cloud Sync Agents Summary

Built-In Entra Conditional Access Reports

Conditional Access is the core of your modern Zero Trust security posture. Because a single misconfigured policy can either lock out legitimate users or leave your tenant exposed, these reports provide a clear audit trail. They allow you to instantly analyze your active policy baselines, review authentication strengths, and flag policies relying on preview or beta features.

  • Entra Conditional Access Summary
  • Entra Conditional Access Policies Summary
  • Entra Conditional Access Policies (Using BETA Features) Summary
  • Entra Conditional Access Authentication Strengths Summary

Built-In Entra Directory Role Reports

Enforcing the principle of least privilege requires continuous oversight of your highly privileged accounts. These specialized reports provide full visibility into your identity governance, allowing you to easily track active role assignments, audit Global Administrator counts, and monitor both standing and Privileged Identity Management (PIM) assignments.

  • Entra Directory Roles Summary
  • Entra Directory Roles Detailed Summary
  • Entra Directory Role Active Assignments
  • Entra Directory Privileged Role Active Assignments
  • Entra Directory Global Administrator Role Active Assignments
  • Entra Directory Roles PIM Summary
  • Entra Directory Roles PIM Detailed Summary

Built-In Entra Enterprise Application Reports

Third-party integrations can introduce significant risk if left unmonitored. These governance reports give you a comprehensive inventory of all integrated service principals, allowing you to track application ownership and audit admin-consented permissions to prevent data leakage.

  • Entra Enterprise Applications Summary
  • Entra Enterprise Applications Detailed Summary
  • Entra Enterprise Application Owners Summary
  • Entra Enterprise Application Admin Consented Permissions Summary

Built-In Entra Users and Groups Reports

Efficient directory maintenance relies on having complete visibility over user lifecycles and group architectures. These reporting tools streamline your regular directory cleanups, allowing you to audit membership lists, track group ownership to eliminate orphaned resources, and closely monitor the synchronization health of objects tied to your on-premises infrastructure.

  • Entra Groups Summary
  • Entra Groups Detailed Summary
  • Entra Group Owners Summary
  • Entra Group Members Summary
  • Entra Groups On-Premises Sync Summary
  • Entra Users Summary

Microsoft Entra ID and Conditional Access Reporting FAQ

Here are answers to the most common questions about reporting on Microsoft Entra ID and Conditional Access with XIA Configuration.

Does XIA Configuration need an agent installed to run Entra ID reports?

No. Entra ID reporting is completely agentless. XIA Configuration retrieves data securely via Microsoft Graph without installing any software in your tenant.

Are all the reports listed on this page included?

Yes. All Microsoft Entra ID and Conditional Access reports shown on this page are available out of the box with XIA Configuration Server.

Can I add custom reports?

Yes. You can duplicate and modify existing reports or create your own custom reports using T‑SQL.

Does reporting require live access to Microsoft Entra ID?

No. Once a scan has completed, all Entra ID data is stored in the XIA Configuration Server SQL Server database. Reports run entirely against the stored scan data, without needing live access to Microsoft Entra ID.

Does XIA Configuration require Microsoft Entra ID P1 or P2 licensing?

No. XIA Configuration does not require premium licensing to retrieve Entra ID reporting data.

Can I report across multiple Microsoft Entra tenants?

Yes. You can scan multiple tenants and run reports independently or as part of scheduled report generation.

How does XIA Configuration authenticate with Microsoft Entra ID (Microsoft Graph)?

The XIA Configuration Client supports multiple Microsoft Entra authentication methods, including service principals with client secrets or certificates. These credentials are encrypted and stored securely within the XIA Configuration Client configuration. Username and password authentication is supported for backwards compatibility but is deprecated. MFA-based authentication can also be used interactively if required.

Can reports be exported to PDF, Word, or Excel?

Yes. All Entra ID reports can be exported to PDF, Microsoft Word (DOCX), and CSV formats for audit, compliance, and documentation purposes.

How often can I run Entra ID reports?

Reports can be run manually at any time or scheduled as part of automated report execution.