Working with Microsoft
24x7 detection and response for Microsoft Defender for Endpoint, Azure and Office 365
What does Expel for Microsoft include?
Expel automates security operations across your Microsoft stack by ingesting signals from Defender for Endpoint, Azure, Sentinel, Office 365 and MCAS. We apply our detection strategy to these signals to identify activity that doesn’t look right, like suspicious logins, data exfiltration, suspicious RDP activity or unusual inbox rules. We even add our own detections in the cloud (where they’re needed most) to ensure we detect suspicious activity before the damage is done.
When something’s suspicious, we investigate and tell you what happened and what you need to do about it (in plain English).
When it comes to monitoring your Microsoft environment, the sky’s the limit.
||Examples of how we use them||Detect||Investigate|
|Defender for Endpoint||Endpoint protection, FTW|
|Active Directory||Monitors who’s accessing your environment|
|Azure Platform Logs||Provides insight into events in the Azure infrastructure||written by Expel|
|Azure Log Analytics||Adds insight into your data|
|AD Identity Protection||Flags risky sign-ons|
|Microsoft Cloud App Security (MCAS)||Gives us comprehensive alerting based on activity in your Azure environment|
|Azure Security Center||Sends us alerts which we analyze and run to ground|
|Azure Sentinel||Azure’s cloud-native SIEM looking for things that go bump in the night|
|O365 Audit Log||Another avenue to detect suspicious activity||written by Expel|
|O365 Security and Compliance||On the lookout for user activity that matches an alert policy|
Why get your 24x7 detection for Microsoft from Expel?
(for starters… you’ll be able to see what you’re paying for)
Detections for Microsoft
Our detections alert on Microsoft-specific features that attackers often exploit, including suspicious and abnormal activity that may have otherwise slid through the cracks
Boost visibility across your Microsoft stack
Comprehensive monitoring of Microsoft’s tools and apps means you’re in the know from first alert to fix
We make sure you get the most out of the Microsoft investments you’ve already made and give you the metrics to prove it
Collaboration on Teams
Our analysts (and bots) use the tools you’re in every day to message you when things look suspicious (so we can get things fixed ASAP)
“Expel helped us optimize our security signal, which saved us about $150,000 a year. Now we’re using that money to accelerate several other strategic security initiatives.”
– Patrick Gilbert, Head of security and Senior IT Security Manager