Detecting login anomalies in Microsoft 365

Why rapid detection and response matter even when you follow best practices and enable 2-Factor Authentication.

Matt Iavarone

When it comes to securing Microsoft 365 for Business, step one is enabling multi-factor authentication. This is a very important step, but there are a number of ways to compromise a user account, either by bypassing MFA or by manipulating users into granting access despite MFA.

"Hackers who publish phishing kits are beginning to add multi-factor authentication bypassing capabilities to their software."

According to security researchers at Proofpoint, hacker kits made available online provide transparent reverse proxies that intercept traffic between the victim and the destination, allowing hackers to steal session cookies and gain access to accounts.

This is all transparent to the user, and online service companies have no way to detect when an exploit like this occurs.

Once the hacker has access to the account, they can update credentials, modify MFA settings, steal information, and infect systems with ransomware.

"They are easy to deploy, free to use and have proven effective at evading detection."

How does Trawl AI help?

We collect log information and other available data points and build a profile of each user and their company so that we can detect when an attack like this succeeds. By analyzing and trending the frequency of logins and locations, the number of failed sign-ins, what users are accessing and from where, and other key items, we know when a successful authentication should not have happened.

When an anomaly is detected, we immediately notify you so you can validate the data, force logouts, and reset credentials for the exploited user. We analyze logins and look for anomalies every minute so you can act quickly to prevent damage to your user accounts and data.
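To make the profile-based check described above concrete, here is an added example (written for this page, not Trawl AI's implementation) that builds a per-user baseline and flags successful sign-ins from a location never seen for that user or right after a burst of failed sign-ins. The record layout, the thresholds and the name `detect_anomalous_signins` are assumptions, and the sign-in records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (user, UTC time, country, result); not real tenant data.
SIGNINS = [
    ("alice", "2024-03-01T08:55:00", "US", "success"),
    ("alice", "2024-03-02T09:01:00", "US", "success"),
    ("bob",   "2024-03-01T09:10:00", "US", "success"),
    ("carol", "2024-03-02T07:30:00", "DE", "success"),
    ("alice", "2024-03-04T09:02:00", "RO", "success"),   # country never seen for alice
    ("bob",   "2024-03-04T10:00:00", "US", "failure"),
    ("bob",   "2024-03-04T10:01:00", "US", "failure"),
    ("bob",   "2024-03-04T10:02:00", "US", "failure"),
    ("bob",   "2024-03-04T10:03:00", "US", "success"),   # success right after a failure burst
]

def detect_anomalous_signins(signins, fail_window=timedelta(minutes=10), fail_threshold=3):
    """Flag successful sign-ins that do not fit the user's profile so far."""
    known_countries = defaultdict(set)   # per-user baseline of accepted sign-in countries
    failures = defaultdict(list)         # per-user timestamps of failed sign-ins
    alerts = []
    for user, ts, country, result in sorted(signins, key=lambda r: datetime.fromisoformat(r[1])):
        when = datetime.fromisoformat(ts)
        if result != "success":
            failures[user].append(when)
            continue
        reasons = []
        # A first-ever sign-in has no baseline to compare against, so it is not flagged.
        if known_countries[user] and country not in known_countries[user]:
            reasons.append("new_country")
        # Keep only failures inside the look-back window before this success.
        failures[user] = [f for f in failures[user] if when - f <= fail_window]
        if len(failures[user]) >= fail_threshold:
            reasons.append("success_after_failures")
        if reasons:
            alerts.append((user, ts, country, reasons))
        else:
            known_countries[user].add(country)   # only unflagged sign-ins extend the profile
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalous_signins(SIGNINS):
        print(alert)
```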

With services from Trawl AI you can:

  • Detect anomalous logins to your user accounts.

  • Get notified when administrative actions are taken within your tenant.

  • Detect user activity anomalies that may indicate a user is acting against the tenant owner.

Trawl AI goes beyond the traditional event log management service. We retain logs for at least a year and trend data for 2 years.

Register today for a free trial.

Your 30-day, no-strings-attached trial gives you complete access to the Trawl AI platform. Add a security fail-safe to your Microsoft 365 service today.

We offer unlimited notifications and users for a single tenant during the trial, and we're here to support you.

Or contact us for more information.

Thank you!
The Trawl AI Team