AnnouncementCase StudyCheckmarkcustomer-story-iconData Sheethow-to-logoposts
skip to Main Content

Microsoft Office 365

24x7 security monitoring, investigation and response

24x7 monitoring of your O365 environment

(It’s a leap year. Maybe it should be O366? 😀)

We’ll monitor your environment 24x7 and detect when accounts are compromised or user activity doesn’t seem quite right. Then, we investigate. We’ll tell you what happened, how it went down and what you need to do to fix it.

What you get

Our Microsoft O365 detection strategy uses built-in APIs to provide:

  • 24x7 monitoring of your O365 instance
  • Thorough analysis of suspicious activity with a detailed findings report
  • Direct access to Expel security analysts and your engagement manager via Slack
O365_Dashboard

What we do

Expel-Diamonds_diamond-01
Mobile-Diagram_Mobile 1
AWS-Icons_monitoring

24x7 O365 monitoring

We use a combination of O365-specific detections and our analysts’ judgment to flag anything that seems unusual.

Expel-Diamonds_diamond-02
Mobile-Diagram_Mobile 2
AWS-Icons_investigating

Thorough investigations

Next, we’ll connect the dots from suspicious O365 alerts to find their root cause and provide a detailed findings report (in plain English!).

Expel-Diamonds_diamond-03
Mobile-Diagram_Mobile 3
AWS-Icons_fixes

Fixes written for O365

Finally, we’ll give you detailed guidance on how to fix the problem … and (when possible) how you can prevent it from happening again.

What we look for

(You’ve got our Word, we Excel at this)

Business email compromises (BECs) are by far the most common O365 attacks we see. When an attacker compromises an O365 account they can use it to steal money, data or wreak havoc. But we also see lots of risky behavior that — while it may not be a “threat” — it’s probably not something you want your users doing.

o365-icons_01

Mailbox permissions
are granted to a user

o365-icons_02

Unusual volume of
file sharing or deletion

o365-icons_03

Activity from a suspicious
IP or location

o365-icons_04

Compromised
accounts

o365-icons_05

Creation of
odd inbox rules

o365-icons_06

Applications requesting
admin privileges

How we connect to O365

( … or rather how you connect to Expel 😉 )

Expel uses an Office 365 app that guides you through the process of connecting your O365 environment to Expel. Simply log into your O365 admin account, accept the permissions requests and turn on audit logging. That’s it!

Step 1 Connect O365
1

Turn on
audit logging

Step 2 Connect O365
2

Generate
O365 credentials

Step 3 Connect O365
3

Configure O365
in Expel Workbench

Learn about how we’ll keep your data secure and what data we’ll access.

AWS overview What does it cost? Microsoft Azure overview
Blog 500x300 Seven Ways To Spot

Blog

As attackers behind BEC attacks find even more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.

Blog 500x300 3 Tips Cloud Application Security

Blog

If you’re feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.

Blog 500x300 Mfa Cloud Mail

Blog

If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.

Give us 30 minutes to show you how we can help protect your Office 365 environment.

Back To Top