According to a recent report by the Canadian Anti-fraud Centre, the number of reported Business Email Compromise victims doubled from 2019 to 2020. The average financial loss was $65,816 per incident not including IT, legal, or any other fees incurred due to the incident.

These attacks not only have a huge financial cost, but they also can damage business relationships, potentially leading to loss of business. In Business Email Compromise attacks, often the attacker is able to defraud employees, customers and suppliers for months before being discovered.

Monitor the security best-practice health status of your Microsoft 365.

• Only One Global Admin

• Too Many Global Admins

• Global Admin without Alternate Email

• Mail Forwarding Rules to External Domains

• Domain Spoofing Prevention

Reduce your cyber risk through the application, and enforcement, of strong security settings.

• Force on the audit logs if they are ever turned off.

• Block “bad” known file extensions as email attachments.

• Automatically block all emails from a pre-determined list of spam-friendly countries

• Prevent users from sharing the full details of their calendar with external users.

• Prevent your users from giving permissions on M365 to third-party apps

• Prevent auto-forward from your tenant to external organizations.

• Enable Multi-Factor Authentication for admins or all users.

• Restrict the ability for non-admin accounts to run Powershell.

• Add a warning message to any email with an attachment that contains an identifiable web link.

• Add a warning message to any email using your domain or a staff name that does not originate from within Microsoft 365.

• Force on the mailbox audit logs if they are ever turned off.

• Allow Microsoft to remove files and emails from your users inboxes if they are found to be dangerous after delivery.

• Reduce spam and illegitimate emails by limiting the email languages you accept

We detect the following events that can potentially indicate unauthorized activity.

• An account is deleted in Microsoft 365

• Whenever a change to user permission involving administrator privilege happens

• Whenever an email is sent using Exchange 'Send As' functionality to impersonate someone else

• Whenever a file is shared from SharePoint or OneDrive in a way that allows anonymous users (i.e. anybody) to access it.

• Files being deleted manually from retention mechanisms like the recycle bin's recycle bin.

• Whenever an additional license is assigned to an existing account.

• Whenever a license is removed from an existing account

• If an Exchange rule is created to automatically forward emails to a mailbox outside your organization

• Whenever someone who is not the owner accesses a mailbox

• Whenever access to a mailbox is permanently granted to someone who is not the owner of the mailbox

• Any changes in Microsoft 365 to the settings that have been applied by our system

• Whenever a new account is created in Microsoft 365

• Whenever a new site collection is created

• Whenever a site collection is deleted

• Whenever a user signs in from a country not listed as approved

• If an account is accessed more than the configured threshold, within the specified amount of time

• User Accessed with Previously Unknown Device and IP

Leave it to us to investigate alerts and eliminate false positives so you can focus only on the threats that matter.

• Microsoft 365 Security Analysts will review every alert in 60 minutes or less

• Every alert researched and classified as either false positive, benign or requiring further action

• Alerts that require action will be sent to you

• If you have happier IT Managed Detection & Response, remediation of actionable alerts will be performed by the Security Operation Center 24/7/365.

Get access to a searchable online audit log as well as a weekly PDF report which provides you insight into your Microsoft 365 and can act as evidence to comply with audit or regulatory requirements.

• Searchable Audit Log of all Detections

• Weekly Health Report and Audit Log Report (PDF) sent to your Report Vault in the happier IT Portal and kept indefinitely

happier IT Managed Detection & Response clients benefit from integration with the Security Operations Center for improved detection and 24/7/365 remediation.

• Provide holistic 360° of security, improving detection rate and reducing false positives.

• Security Analysts respond and remediate true threats 24/7/365

Advanced pre-built or custom reporting can be generated as-needed or can be scheduled and sent to your Report Vault in the happier IT portal to meet specific your specific compliance needs.

• Azure AD

• Exchange

• One Drive

• SharePoint