M365 & Azure Breach Detection & Assessment

Detect breaches and what the bad guys did, and secure your Entra, Azure, and Microsoft 365 environment for multi-tenant MSPs

One Click to M365 Security

Just log into your Microsoft account and we’ll take care of the rest!
It’s just one click to go beyond the included Microsoft 365, Defender for Office 365, Entra, and Azure notifications and monitoring.
Lavawall® processes the complex Entra ID logs, correlates the data with your known workstations to reduce false positives, and gives actionable notifications that keep your clients safe while saving you a lot of time and money!
To set up Microsoft 365, Entra, and Azure integration in Lavawall®, just click the M365 Account Setup button.


Microsoft 365 / Entra / Azure Dashboard

It’s time to get a quick view of your clients’ Microsoft 365 risks. Get quick notifications about breaches, such as:
  • Successful logins after failed logins from unknown addresses (yes, this system integrates with the Lavawall® agent to prevent false positives)
  • Unusual geographic locations
  • Impossible travel (yes, even without Entra ID P2)
    Impossible travel risk detection for Microsoft 365, Azure, and Entra.
  • Password spraying and stuffing attacks
  • Session hijacking
  • MFA abuse
  • Indicators of compromise like suspicious mail rules
  • License utilization
  • much more...

    • Breach detection and configuration summaries for Microsoft 365, Azure, and Entra.

    Click any of the summaries for details like this:
    Details for Suspicious login sequences like impossible travel and credential stuffing.


    What should an MSP do with a new client who had an Office 365, Microsoft 365, or Azure Breach?

    1. Add them as a client in Lavawall
      (On the left side, under Client Orgs, click Add, fill out the information and click Create Organization
    2. If necessary, select the client name from the top client drop-down menu.
    3. Click M365 Account Setup at the top of the dashboard (in the orange rectangle below
    4. Login to Microsoft 365 and approve the read-only security permissions.
    5. Within a few minutes, we’ll analyze M365 and Azure logs, mail rules, Intune, Entra ID settings, and other indicators of compromise.
      A summary will quickly appear on the dashboard with details for each available in Lavawall®'s Microsoft 365 Security and Breach system.
    Setup Microsoft 365 Synchronization for breach discovery and M365 security configuration

    Yes, it’s really just a one-click (plus login) setup to immediately learn if, how, and when your Microsoft 365 tenant was breached!

    Setup Microsoft 365 Synchronization for breach discovery and M365 security configuration

    While Lavawall® is refreshing your data, you'll see a real-time progress bar go across the top of the dashboard. This typically lasts less than 5 minutes an happens at least once per day.

    From the “All Companies” dashboard view, you can also initiate the setup by clicking the Setup button beside any companies that haven't been set up yet in the Microsoft 365 summary view. You can quickly locate the company using the search box as well.

    Setup Microsoft 365 Synchronization for breach discovery and M365 security configuration from multi-tenant Lavawall® view


    Integrated endpoint and Microsoft 365 / Entra

    Lavawall® can use Intune data for refinement; however, it also correlates the Windows, Mac, and Linux data with Microsoft 365 and Entra logs.
    This allows Lavawall® to reduce false positives found in other Microsoft 365 and Entra security products like SaaS Protect, Petra, and Inforcer. Device login details including Microsoft 365



    If you have any questions or need further assistance, feel free to reach out through our chat, phone or email on our contact page!