Microsoft Office 365
24x7 security monitoring, investigation and response
24x7 monitoring of your O365 environment
(It’s a leap year. Maybe it should be O366? 😀)
We’ll monitor your environment 24x7 and detect when accounts are compromised or user activity doesn’t seem quite right. Then, we investigate. We’ll tell you what happened, how it went down and what you need to do to fix it.
What you get
Our Microsoft O365 detection strategy uses built-in APIs to provide:
- 24x7 monitoring of your O365 instance
- Thorough analysis of suspicious activity with a detailed findings report
- Direct access to Expel security analysts and your engagement manager via Slack

What we do
24x7 O365 monitoring
We use a combination of O365-specific detections and our analysts’ judgment to flag anything that seems unusual.
Thorough investigations
Next, we’ll connect the dots from suspicious O365 alerts to find their root cause and provide a detailed findings report (in plain English!).
Fixes written for O365
Finally, we’ll give you detailed guidance on how to fix the problem … and (when possible) how you can prevent it from happening again.
What we look for
(You’ve got our Word, we Excel at this)
Business email compromises (BECs) are by far the most common O365 attacks we see. When an attacker compromises an O365 account they can use it to steal money, data or wreak havoc. But we also see lots of risky behavior that — while it may not be a “threat” — it’s probably not something you want your users doing.
How we connect to O365
( … or rather how you connect to Expel 😉 )
Expel uses an Office 365 app that guides you through the process of connecting your O365 environment to Expel. Simply log into your O365 admin account, accept the permissions requests and turn on audit logging. That’s it!

Turn on
audit logging

Generate
O365 credentials

Configure O365
in Expel Workbench

Blog
Seven ways to spot a
business email
compromise in Office 365
As attackers behind BEC attacks find even more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.

Blog
Three tips for getting
started with cloud
application security
If you’re feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.

Blog
MFA is not a silver
bullet to secure your
cloud email
If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.
Give us 30 minutes to show you how we can help protect your Office 365 environment.
Thanks for clicking submit. Your message is now being directed to a real person.