Office 365 Security

The problem with Office 365 Security

How can you tell what’s suspicious?

If you don’t know what’s normal…

Your employees perform thousands of actions in Office 365 every day.

As a result, your Office 365 platform is filled with confidential, sensitive, and personal data, and the service is accessible on any device, as long as the correct credentials are used. How do you identify suspicious activity and keep it protected?

How quickly could you respond to a breach?

The General Data Protection Regulation (GDPR) specifies that any potential data loss incident containing personal data needs to be reported to the ICO within a very tight timeframe. Failure to comply can result in hefty fines, so you need to have a strong, repeatable strategy for detecting incidents quickly. Can you afford a slow response?

Auditing tools

When an incident occurs, you need to find out what happened, who’s responsible, when it happened, and what action needs to be taken. To get these details, you need comprehensive auditing of all activity. More importantly, the audit trail needs to be clear, responsive, and easily searchable, providing both a ‘micro’ and ‘macro’ view of exactly what’s happened.

Microsoft’s built-in Office 365 Audit log lacks the advanced capabilities required by larger, more complex organizations. The service is simply not built for rapid response, nor extensive filtering, and there’s no visualization of the date, in graph or chart form. Not only that, you have a limited detection window as there’s a 90-day limit on audit data before it’s removed. Finally, you have to make sure auditing is enabled, otherwise it will not capture any activity on your tenant.

The solution

When it comes to Office 365 security, you need a proactive, preventative strategy at the forefront, and a fast, effective response acting as your back-up – for if (or whensomething manages to breakthrough.

Office 365 Security & Compliance Resources

Microsoft is pretty good at hardening the walls of Office 365, however, there’s so much scope to have a greater grasp of control over what’s going on in your environment.

Wouldn’t it be great if you could easily monitor high-level trends and admin activity in your environment? Therefore, increasing your capability to identify suspicious activity.

Prevent. Alert. Respond.

Our Office 365 security and auditing solution enables you to quickly see all activity in your environment in a clear, customizable timeline view, with a range of audit reports, highlighting different areas of vulnerability. The audit data is retained for a year, with the option to extend this further.

Take a proactive approach to improving security settings by isolating sensitive areas of your environment and reviewing your permissions models regularly. Monitor high-level trends and admin activity, so that you know what ‘normal’ looks like.

Respond quickly to a potential threat with intelligent on-event alerts. Configure alerts on any abnormal activities, or sensitive areas which need increased supervision, and receive email or SMS notifications so you can investigate immediately.

Example use cases:

  • Viewing/downloading or modifying sensitive documents
  • Accessing important/restricted SharePoint Online sites
  • Multiple failed sign-ins
  • High-impact admin activities, like elevating privileges, or creating user accounts.
  • Log-ins from suspicious locations

Where your investigation starts depends entirely on the information you have: maybe it’s a date range, a specific action, or a workload that has been targeted. Advanced filtering can be applied to drill down into individual timescales, users, or events, enabling you to rapidly identify the source of the incident.


  • Detect and investigate suspicious activity in Office 365.
  • Validate that security policies are working effectively, and create new policies based on a clear understanding of activity and vulnerabilities.
  • Identify external attacks on your environment, such as brute force password attacks or user credential leaks.
  • Produce an audit log of activity in Office 365 for a particular user, or a particular timeframe.

Find out more our Office 365 security solution: Radar for Security & Audit