AnnouncementCase StudyCheckmarkcustomer-story-iconData Sheethow-to-logoposts
skip to Main Content

Working with Microsoft

24x7 detection and response for Microsoft Defender for Endpoint, Azure and Office 365

If any of these sound like you, chances are we can help.

You’ve put your “eggs” in the Microsoft basket and want to get the most value out of it

You’re migrating to Azure and need help securing a new hybrid world

You’re using O365 and need to catch BEC attacks before they happen

You’ve got Defender and Sentinel in place and need a triage “easy button”

24x7 detection and response for …

On-prem infrastructure

Cloud infrastructure

Saas apps

When it comes to monitoring your Microsoft environment, the sky’s the limit (maybe that’s why they call it Azure). With so many tools out there it can be tough to know where to start and what to look for. We apply our detection strategy for each of Microsoft’s top services so the value from your investments is as clear as the sky is blue (okay, enough with the Azure puns).

Microsoft service
Examples of how we use them Detect Investigate
Defender for Endpoint Endpoint protection, FTW
Active Directory Monitors who’s accessing your environment
Azure Platform Logs Provides insight into events in the Azure infrastructure
written by Expel
Azure Log Analytics Adds insight into your data
AD Identity Protection Flags risky sign-ons
Microsoft Cloud App Security (MCAS) Gives us comprehensive alerting based on activity in your Azure environment
Azure Security Center Sends us alerts which we analyze and run to ground
Azure Sentinel Azure’s cloud-native SIEM looking for things that go bump in the night
O365 Audit Log Another avenue to detect suspicious activity
written by Expel
 
O365 Security and Compliance On the lookout for user activity that matches an alert policy

What does Expel for Microsoft include?

Expel automates security operations across your Microsoft stack by ingesting signals from Defender for Endpoint, Azure, Sentinel, Office 365 and MCAS. We apply our detection strategy to these signals to identify activity that doesn’t look right like suspicious logins, data exfiltration, suspicious RDP activity or unusual inbox rules. We even add our own detections in the cloud (where they’re needed most) to ensure we detect suspicious activity before the damage is done.

When something’s suspicious, we investigate and tell you what happened and what you need to do about it (in plain English).

Detections for Microsoft

Our detections alert on Microsoft-specific features that attackers often exploit including suspicious and abnormal activity that may have otherwise slid through the cracks

Boost visibility across your Microsoft stack

Comprehensive monitoring of Microsoft’s tools and apps means you’re in the know from first alert to fix

Optimize signal

We make sure you get the most out of the Microsoft investments you’ve already made and give you the metrics to prove it

Collaboration on Teams

Our analysts (and bots) use the tools you’re in every day to message you when things look suspicious (so we can get things fixed ASAP)

BLOG

Is Microsoft Defender for Endpoint good?

Expel recently integrated Microsoft Defender for Endpoint into our platform and we gotta say, we’re impressed! Our SOC analysts share why they love it and show us how they use it to triage alerts.

BLOG

Seven ways to spot a business email compromise in Office 365

As attackers behind BEC attacks find ever more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.

BLOG

Behind the scenes: Building Azure integrations for ASC alerts

Find out how Expel’s internal teams built an integration on top of Azure signal – creating a new detection strategy for ASC that provides more context around alerts and improves customer visibility.

Ready to talk to a human?

When you tell us you’re ready, we won’t waste your time. Let us know what you’re looking for and we’ll have someone get in touch who can talk tech.

844.397.3524

Back To Top