O365 SECURITY MONITORING FAQ
Q: How can I subscribe to the O365 Security Monitoring service?
A: Contact [email protected] for onboarding activities and pricing structure. Once you are subscribed to the service, our support team will contact you to organize a 30-minute session to configure the Office 365 Azure Sentinel Data Connector. You will also need to have auditing enabled in Office 365. Please see this link for instructions on how to enable this.
Managed Sentinel Inc. commits that within 48 hours after subscribing to the service, the first alert will reach you.
Q: Do I need any additional licenses to use this service?
A: No licenses are required from your end. We cover all Azure licenses and storage requirements. This is a multi-tenant service, so the license costs are distributed across multiple customers.
Q: My organization is currently using an Office 365 Business Essentials license. Does the O365 Security Monitoring service work with this license type?
A: Yes, it does. The O365 Security Monitoring service works with all types of Microsoft Office 365 license packages, including Business and EMS. The requisites are to turn on O365 auditing and, of course, to have all mailboxes migrated to O365.
The rule of thumb is that the higher the license type your organization has, the more events and monitoring alerts can be built.
Q: My organization currently has an EMS E3 license for 2,500 users. Are there any additional charges for a larger Office 365 environment?
A: No, the monthly service fee for the O365 Security Monitoring service is the same regardless of how many users or which license type your organization has.
Q: What is the log retention policy for my Office 365 events?
A: We keep the logs for all our customers online for 3 months. Our monitoring alerts are designed based on this period of time. If your organization has a retention policy for a longer period, please contact us at [email protected].
Q: Can you extend the service to include my Azure AD and/or Azure Activity events?
A: The O365 Security Monitoring service is a multi-tenant service that runs only on Office Activity events. If you want additional monitoring for other log sources, Managed Sentinel offers other services, including a light SIEM service (optimal for SMB organizations) or a full SIEM service at excellent pricing models. Please contact us at [email protected].
Q: Do I need to commit to a minimum 1-year contract, or is this a pay-as-you-go service?
A: There is no commitment or contract term for the O365 Security Monitoring service. As a matter of fact, we are also offering 1 month free when you get started with the service. Also, you can terminate the service at any time if you feel that there is not enough value for your organization.
Q: My company is using ServiceNow for change and incident management. Can I get my alerts configured to create ServiceNow tickets, instead of emails?
A: The standard service supports only email alerting. However, we can configure ServiceNow ticketing for your company via a small one-time consulting engagement. Please contact [email protected] for a quote on this.
Q: How can I contact the Managed Sentinel support team in case I need help troubleshooting my alerts?
A: You can submit a ticket at our support service desk. As part of the service, we continuously tune our alerts in order to reduce false positives. If the ticket is about a new feature request above the standard service offering, additional charges may be triggered.
Q: Is there an additional charge for Threat Intelligence integration?
A: No, all our customers onboarded to the O365 Security Monitoring service will be configured to consume Managed Sentinel Firegen Threat Intelligence feeds free of charge. Also, you will get a set of alerts set up in the Azure Sentinel SIEM instance integrated with Firegen TI.
Q: Regarding the daily email report, can I request specific reports/data to be added in?
A: Yes, please send us your requirements at [email protected]. We will review your requirements and advise if the change can be fulfilled as part of the standard service. If the level of customization is significant, additional charges may occur.