AnnouncementCase StudyCheckmarkcustomer-story-iconData Sheethow-to-logoposts
skip to Main Content

Microsoft Office 365

24x7 security monitoring, investigation and response

24x7 monitoring of your O365 environment

(It’s a leap year. Maybe it should be O366? 😀)

We’ll monitor your environment 24x7 and detect when accounts are compromised or user activity doesn’t seem quite right. Then, we investigate. We’ll tell you what happened, how it went down and what you need to do to fix it.

What you get

Our Microsoft O365 detection strategy uses built-in APIs to provide:

  • 24x7 monitoring of your O365 instance
  • Thorough analysis of suspicious activity with a detailed findings report
  • Direct access to Expel security analysts and your engagement manager via Slack

What we do

24x7 O365 monitoring

We use a combination of O365-specific detections and our analysts’ judgment to flag anything that seems unusual.

Thorough investigations

Next, we’ll connect the dots from suspicious O365 alerts to find their root cause and provide a detailed findings report (in plain English!).

Fixes written for O365

Finally, we’ll give you detailed guidance on how to fix the problem … and (when possible) how you can prevent it from happening again.

What we look for

(You’ve got our Word, we Excel at this)

Business email compromises (BECs) are by far the most common O365 attacks we see. When an attacker compromises an O365 account they can use it to steal money, data or wreak havoc. But we also see lots of risky behavior that — while it may not be a “threat” — it’s probably not something you want your users doing.

Mailbox permissions
are granted to a user

Unusual volume of
file sharing or deletion

Activity from a suspicious
IP or location


Creation of
odd inbox rules


Applications requesting
admin privileges

How we connect to O365

( … or rather how you connect to Expel 😉 )

Expel uses an Office 365 app that guides you through the process of connecting your O365 environment to Expel. Simply log into your O365 admin account, accept the permissions requests and turn on audit logging. That’s it!


Turn on
audit logging


O365 credentials


Configure O365
in Expel Workbench

Learn about how we’ll keep your data secure and what data we’ll access.

AWS overview What does it cost? Microsoft Azure overview


Seven ways to spot a
business email
compromise in Office 365

As attackers behind BEC attacks find even more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.


Three tips for getting
started with cloud
application security

If you’re feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.


MFA is not a silver
bullet to secure your
cloud email

If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.

Give us 30 minutes to show you how we can help protect your Office 365 environment.

Back To Top