Azure/Entra ID Monitoring & Alerting Tools
|
|
Tool Name
|
What It Does
|
Why
|
Location Monitoring
|
Alerts you to logins from unfamiliar or unapproved locations. Define trusted IPs, cities, or countries—and even schedule access windows. You can also block access automatically on detection.
|
Most cyber attacks happen from suspicious locations. Monitor exactly what you need, confident that accounts are instantly blocked, if that's what you choose.
|
Admin Role Changes
|
Receive alerts when new admins are added or roles are modified.
|
Admin access is a top target for attackers—stay in the loop.
|
MFA Authentication Methods
|
Get notified when new MFA methods are added. Block potential bypasses through suspicious MFA registrations.
|
Evil proxy attacks make use of authentication methods by registering a bogus method. Unless you are monitoring for this, you'll never know.
|
Azure App Monitor
|
Detect and review new Azure apps. Easily allow trusted ones and flag anything unfamiliar for review.
|
Azure apps are a key way cybercriminals can gain access to systems. Lets you keep on top of this risk
|
Forced Logout On Schedule
|
Automatically log users out from all devices on a schedule—ideal for company shutdowns or security resets. MFA re-authentication is enforced.
|
Could be implemented at business downtimes/ major holiday shutdowns. Removes cyber threat
|
Working Hours Restrictions
|
Disable user accounts during inactive periods to limit risk during off-hours.
|
Security of accounts is massively improved if it can be disabled during inactive periods
|
License Monitoring (with Exclusions)
|
Monitor license allocations and changes across users or departments, with the option to exclude specific users.
|
Allows you to keep on top of license changes and spot if any have been added that shouldn’t have been .
|
Group Changes (External Users)
|
Be alerted when an external user is added to a group—an often-overlooked tactic used by intruders.
|
Cybercriminals will secretly add themselves to a group, so you need to stay in the know.
|
| Exchange / Mailbox Monitoring & Alerting Tools |
|
Forwarders
|
Allows you to approve/remove external forwarders that were detected by the live system. Can automatically block.
|
Quickly spot any forwarders placed on accounts and rapidly approve or remove them, leaving nothing to chance.
|
|
Mailbox Monitor
|
Choose the mailboxes you want to monitor for delegated permissions. Also approve/remove detected delegates.
|
Know rapidly if any permissions are added to key mailboxes and rectify just as quickly.
|
|
Mailbox Size Alerts
|
Alerts when a mailbox is reaching size capacity before functionality is lost. You can choose the alert threshold. Clearly defines mailbox folders and sizes.
|
Avoid customer down-time and stress. Pro-actively perform house keeping on mailboxes before they reach their limits.
|
|
Transport Rules
|
Spot any rules that may be set to re-direct mail.
|
Rapidly detect and fix what could be a cyber threat.
|
|
Inbox Rules
|
Alerts on all inbox rules that are detected in any scanned mailbox. You can choose which mailboxes you want scanning.
|
Again, rapidly detect and fix what could be a cyber threat.
|
|
External Sender Warning Exceptions
|
Allows warnings to be splashed on emails that are from external senders. Also allows you to select accounts you do not want this applied to
|
Be clear on any emails that are from external users.
|
|
Internal Spoofing Protection
|
Detects spoofed emails and flags a warning banner.
|
Make sure that you know if messages are spoofed – at a glance. Keeps your business safer.
|
|
Add Exception For Inbox Rules
|
If you have enabled inbox rule blocker, use when you need legitimate rules to function.
|
Make sure risky inbox rules aren’t posing a threat. Only let the ones through that you know are 100% legit.
|
| Sharepoint / OneDrive Monitoring & Alerting |
|
Sharing Alerts
|
Get alerted to any external sharing operations.
|
You need to know when external sharing of files is happening to keep your reputation and customers safe.
|
|
Mass Deletion Alert
|
Be aware if any mass deletions/changes or moves are made in SharePoint data. Customisable to data size alert levels.
|
Make sure you know rapidly if any SharePoint data is moved, renamed (which could be done with Ransomware attacks) and deleted in large quantities.
|
