We get it. Your data is important to you. It’s also important to us. You’re here because you want to learn more about how Expel will connect to your O365 instance and how we will keep you and your data safe. Well, you’ve come to the right place.
In order to send alerts from O365 to Expel, you’ll need to run our installer that connects your instance to our application running in Azure. The installer requires the following permissions to run and successfully integrate your organization with Expel’s service:
Microsoft Graph API
- Read all users’ full profiles
- Read all groups
- Read all identity risk event information
- Read directory data (This is required for the install process)
Windows Azure Active Directory
- Read directory data
Office 365 Management APIs
- Read activity reports for your organization
- Read DLP policy events including detected sensitive data
- Read service health information
- Read threat intelligence data
These permissions allow Expel to see the information we need in order to find malicious activity with your O365 environment. The installer app will only run once and when it’s completed, you’re good to go.
Also, all the authentication and authorization happens through OAuth, meaning that Expel never knows or stores your authentication credentials (ie: your password). All of that is handled between you and Microsoft.
Once we ingest data from your environment, we protect it throughout its lifecycle. Expel has a robust cyber risk management program in place that includes technical controls such as data at rest and data in transit protection, endpoint and network monitoring, and application specific instrumentation. We also have operational controls in place such as auditing all administrative access, change management, vulnerability management, and a broad incident response program. Also Expel is a customer of Expel, so we rely on our own service to protect us 24/7/365.
If you have any questions regarding how we secure your data, feel free to contact us and we’re happy to chat.