Microsoft 365

Version – Microsoft 365 (E3, E5, F3 licenses for Enterprise; Basic, Standard, Premium licenses for Business; G3, G5 licenses for Government Community Cloud (GCC); GCC High and Department of Defense (DoD) subscriptions).

Microsoft 365 is a cloud-based subscription service that combines best-in-class apps like Excel and Outlook with powerful cloud services such as OneDrive and Microsoft Teams. Microsoft 365 helps users create and share anywhere on any device.

Microsoft 365 Data Source Integration for Netsurion Open XDR captures important activities in Exchange, Azure Active Directory, SharePoint, OneDrive, and Teams. Monitoring these activities is critical from a security standpoint and necessary for compliance reasons. Learn more about Microsoft 365 security coverage below or start with an introduction to protecting Microsoft 365.

Netsurion Open XDR manages logs retrieved from Microsoft 365. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in Microsoft 365.

Azure Active Directory (AD)

  • Monitors actions by admin users, such as user accounts added or deleted and escalation of privilege. You can also monitor password or policy changes.
  • Tracks user login activity to Microsoft 365 with a geographic location for identifying compromised accounts.
  • Identifies suspicious login attempts using user location affinity. Alerts on a user's first login from a new location or suspicious IP address.
  • Detects brute force login attempts with geographic information.
  • Complies with Microsoft guidelines by monitoring sign-ins from multiple geographies, sign-ins from unknown sources, user administration activities, group administration activities, and application administration activities.

Microsoft 365 Exchange Online

  • Audits administrator actions, including mailbox creation and deletion.
  • Traces emails.
  • Identifies the users who access mailbox folders, purge deleted items, or access other mailbox accounts.
  • Monitors changes to Exchange policies that might result in security loopholes for malware/spam/spoof emails.
  • Complies with Microsoft guidelines by monitoring mailbox activity, changes to mail forwarding rules, and mail transport rules.

Microsoft 365 SharePoint

  • Monitors actions performed by SharePoint admins, such as a site added, deleted, modified, etc.
  • Monitors file activities such as files shared with outside people, file uploads, and downloads.

Microsoft 365 OneDrive

  • Monitors actions performed by OneDrive admins, such as a site added, deleted, modified, etc.
  • Monitors file activities such as files shared with outside people, file uploads, and downloads.

Microsoft 365 Advanced Threat Protection (Microsoft Defender)

  • Detects malicious mail received by Exchange Online.
  • Identifies the attacker using its geolocation.
  • Detects malicious attachments in Exchange Online.

Azure Active Directory Multifactor Authentication (MFA)

  • Tracks the login activity of users with MFA to Microsoft 365, with a geographic location, for identifying compromised accounts.
  • Monitors users' MFA activity, such as enabling and disabling strong authentication requirements.

Microsoft 365 Data Loss Prevention (DLP)

  • Tracks sensitive information loss in Outlook and SharePoint.

Microsoft Cloud App Security

  • Monitors all cloud services, assigns each a risk ranking, and identifies all users and third-party apps able to log in.
  • Identifies and controls sensitive information (DLP) and responds to classification labels on content.

To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.