

Microsoft Office 365 Incident Response

24x7 security monitoring, investigation and response

24x7 monitoring of your O365 environment

We’ll monitor your environment 24x7 and detect when accounts are compromised or user activity doesn’t seem quite right. Then, we investigate. We’ll tell you what happened, how it went down and what you need to do to fix it.

What you get

Our Microsoft O365 detection strategy uses built-in APIs to provide:

  • 24x7 monitoring of your O365 instance
  • Thorough analysis of suspicious activity with a detailed findings report
  • Direct access to Expel security analysts and your engagement manager via Slack

What we do

24x7 O365 monitoring

We use a combination of O365-specific detections and our analysts’ judgment to flag anything that seems unusual.

Thorough investigations

Next, we’ll connect the dots from suspicious O365 alerts to find their root cause and provide a detailed findings report (in plain English!).

Fixes written for O365

Finally, we’ll give you detailed guidance on how to fix the problem … and (when possible) how you can prevent it from happening again.

What we look for

(You’ve got our Word, we Excel at this)

Business email compromises (BECs) are by far the most common O365 attacks we see. When an attacker compromises an O365 account, they can use it to steal money or data, or to wreak havoc. But we also see lots of risky behavior that, while it may not be a “threat,” is probably not something you want your users doing.

  • Mailbox permissions are granted to a user
  • Unusual volume of file sharing or deletion
  • Activity from a suspicious IP or location
  • Creation of odd inbox rules
  • Applications requesting admin privileges

How we connect to O365

( … or rather how you connect to Expel 😉 )

Expel uses an Office 365 app that guides you through the process of connecting your O365 environment to Expel. Simply log in to your O365 admin account, accept the permissions requests and turn on audit logging. That’s it!


  • Turn on audit logging
  • O365 credentials
  • Configure O365 in Expel Workbench

Learn about how we’ll keep your data secure and what data we’ll access.



Seven ways to spot a business email compromise in Office 365

As attackers behind BEC attacks find even more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.


Three tips for getting started with cloud application security

If you’re feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.


MFA is not a silver bullet to secure your cloud email

Think MFA will be your web mail’s knight in shining armor when a crafty attacker strikes? Think again, and do these four things to make sure your org’s protected.


© 2022 Expel, Inc. All Rights Reserved
