New MDR Capabilities

Introducing New Managed Detection and Response Capabilities: Enhanced Security for Microsoft 365

We are announcing two new capabilities within our Managed Detection and Response (MDR) services, designed specifically to enhance the monitoring and security of your Microsoft 365 environment. These additions are part of our ongoing commitment to provide the best possible protection against evolving cyber threats.

  1. Microsoft 365 Account Isolation: Our first new feature, Microsoft 365 Account Isolation, is a significant step forward in securing M365 user accounts and sensitive data. Compromised accounts can lead to Business Email Compromise (BEC) attacks and even data exfiltration. Let us help you remediate this faster by acting on the suspected accounts to prevent further compromise and loss when your IT staff or MSP are not available to respond.

This capability allows us to:

  • Isolate Compromised Accounts: In the event of a suspected compromise, we can now quickly isolate affected accounts, minimizing the risk of data breaches or further infiltration.
  • Faster Remediation: Our SOC analysts can disable accounts and revoke all user sessions when suspicious activities are detected, ensuring faster remediation action. We will also have the ability to re-enable accounts if needed.

  2. Microsoft Risky Users Alerting: The second feature, Microsoft Risky Users Alerting, provides enhanced monitoring of account activity classified as Risky Users within your Microsoft 365 environment. Previously we were unable to see this activity. To take advantage of this enhanced monitoring, you must have Microsoft Identity Protection with a P2 license level. Additional permissions will be required, and we can provide instructions to help you make the necessary changes.

Microsoft documentation classifies a user as a Risky User when:

  • The user has one or more Risky sign-ins.
  • One or more risk detections have been reported.

For more information on Risky Users, see the official Microsoft Identity Protection documentation.

What This Means for You

  • Enhanced Security: These new capabilities can significantly bolster your defense against cyber threats, particularly by improving visibility into and protection of your Microsoft 365 environment.
  • Peace of Mind: With these new capabilities, you can be assured of a safer and more secure digital workspace.
  • Seamless Integration: These features are integrated into our existing MDR services, ensuring a smooth and uninterrupted experience.

Next Steps

  • Opt-in for these new capabilities: Contact us via email at soc@securit360.com or by telephone at 205-419-9066 or toll-free 844-474-1244. Not yet a client? Contact us through this form.
  • Establish rules of engagement: We can discuss your preferences for utilizing the account isolation features such as:
    • Should we disable accounts upon suspicious activity?
    • Or only use isolation when we receive email or voice approval?
  • Set Up Additional Permissions in Microsoft Entra ID (formerly Azure) / 365: Your team will need to enable some additional API permissions within your Microsoft Entra ID / 365 environment to allow these additional capabilities.
    • We can provide instructions during the setup process.

We are committed to continuously enhancing your cybersecurity posture, and these new MDR capabilities are a testament to that commitment. Thank you for your ongoing support and cooperation in maintaining a secure and resilient digital environment.

 
