Microsoft 365 security monitoring
The COVID-19 pandemic has resulted in significant changes to working patterns for most organisations, with a more geographically dispersed workforce than ever before. Many organisations are making more and more use of Microsoft 365 (previously Office 365) for collaboration. Security of a Microsoft 365 tenant starts with visibility of operations, yet many organisations remain unaware of the day-to-day activities and usage of the platform.
Microsoft 365 provides a cloud-based platform for business productivity, including Email (Exchange), SharePoint, Active Directory, Teams and OneDrive (as core offerings). The rich functionality also means that there are several opportunities for unseen security issues to arise.
RedBear has built and run Microsoft 365 security monitoring for our existing financial services and Public Sector clients for several years. It is a mature and comprehensive offering that goes significantly beyond the standard out-of-the-box Microsoft security monitoring.
Our Microsoft 365 monitoring solution is an extension to our Cloud Managed Security Service.
Key areas covered by RedBear’s security monitoring of Microsoft 365 include:
- Detection and alerting of failed logins from inside and outside Australia for Azure Active Directory;
- Detection of brute force attempts;
- Anomalous user behaviour access patterns (failed and successful) across the core products, including location and behaviour changes;
- Identification of impossible travel scenarios (login attempts from geographically dispersed locations) across the core products;
- Access to SharePoint and OneDrive objects from external domains, including public sharing of objects;
- Identification of privileged operations within Microsoft 365;
- Security and Compliance centre alerting, such as suspected phishing emails;
- Usage statistics across Exchange and OneDrive (information such as top sites/URLs, uploads/downloads);
- Behaviour that may indicate a compromised Exchange mailbox;
- Administrator changes to their own account or group membership in Azure Active Directory.