1Security

Getting Started with 1Security

A practical guide to navigating 1Security, understanding your data, and getting value from the platform fast.

Welcome to 1Security! This guide will help you understand the core concepts of the platform, how to navigate the interface, and how to start investigating your Microsoft 365 environment immediately.

1. Platform Basics & Navigation

1Security is designed to make complex security data easy to explore.

  • Interactive Visualizations: Every element on our graphs and lists is interactive. Clicking on an item (like a user, file, or site) will drill down and reveal more detailed results and relationships.
  • Data Export: Every list in the platform can be downloaded. This is highly useful for offline reporting, compliance processing, or forensic investigations.
  • Helpful Tooltips: Hover over table cells to view additional context and definitions without leaving your current view.
  • Language Preferences: You can easily toggle the platform language in your account settings to suit your team's needs.

2. Filters & Saved Views

Finding the exact data you need is fast thanks to our precomputed values.

  • Combine Filters: You can stack multiple filters to narrow down results. For example, you can filter for Files containing sensitive information AND Files shared with external users.
  • Precomputed Values: Because our filters use precomputed data, you'll immediately see counts (e.g., exactly how many users have access to sensitive information) before you even apply the filter.
  • Saved Views: Once you build a useful combination of filters, use Save view to keep it for later.
  • Share with Your Team: When saving a view, you have the option to make it public/shared, allowing other team members to access your specific filter configurations.

3. Monitorings

Monitorings are automated rules that alert you to risks, potential cost savings, and data exposure.

  • Ready to Use: When you join, 1Security pre-populates several useful monitorings to give you immediate insights.
  • Relationship-Based Alerts: Monitorings excel at finding complex relationship scenarios. Common examples include:
    • Users with access to sensitive files
    • SharePoint sites with zero active users
  • Customizable & Shareable: You can edit existing monitorings or create your own. You can also share specific monitorings with selected non-admin users so they can track risks relevant to their departments.

4. Logs & Forensics

1Security provides a complete forensic trail of activity in your environment.

  • Comprehensive Tracking: Logs show exactly what resource was modified, by whom, through which app, and on which device.
  • Interactive Log Viewer: For deeper forensic and admin needs, you can access the raw version of the logs using our interactive log viewer.
  • Data Retention: Your logs are retained securely for as long as your tenant maintains an active 1Security license. For example, if you maintain a continuous yearly subscription for three years, you will have three full years of logs available for investigation. (Note: Needs product confirmation on specific minimum retention limits if any).

5. Multitenancy & Administration

1Security makes it simple to manage multiple environments from a single interface.

  • Switching Tenants: Add or switch between tenants quickly using the Select tenant dropdown in the navigation bar, or manage them directly via /dashboard/tenants/.

Managing Accounts and Access

Tenant admins can invite new team members by navigating to /dashboard/1Security-users/ and clicking Invite user.

When inviting a user, you can assign one of three access levels:

  1. Sync with Microsoft 365: The user's admin status in 1Security is automatically determined by their existing Azure AD / Microsoft Entra roles (e.g., Global Administrator, Security Administrator).
  2. Admin: Grants full access to all resources, settings, and tenants in 1Security, bypassing their Microsoft role.
  3. User (Limited Access): The user only sees their own resources. This includes files, emails, groups, and sites they own or interact with, as well as specific monitorings assigned to them.

Tip for Admins: Before sending an invite to a limited User, you can use the built-in preview feature to see exactly what they will see, ensuring they only have access to appropriate data.

On this page

1. Platform Basics & Navigation2. Filters & Saved Views3. Monitorings4. Logs & Forensics5. Multitenancy & AdministrationManaging Accounts and Access