1Security

Monitorings

Track your tenant over time using customizable and pre-configured monitorings based on the permission graph.

Monitorings allow you to track your Microsoft 365 tenant over time. By using the permission graph as a base, you can create nearly limitless monitorings in an intuitive UI.

Overview

Monitorings continuously evaluate the state of your environment against defined conditions. They allow you to proactively identify risks such as excessive permissions, sensitive data exposure, or anomalous user activities.

Pre-configured Monitorings

To help you get started immediately, 1Security comes with over 50 popular monitorings pre-configured out of the box.

Examples of pre-configured monitorings include:

  • External Users Downloading Files: Detects when guests or external accounts download documents, especially those containing sensitive information.
  • Insider Risk Detection: Monitors anomalous internal user activities that might indicate a compromised account or insider threat.
  • Sensitive Data Exposure to Copilot: Tracks files containing sensitive information that are indexed and exposed to Microsoft Copilot.

Custom Monitorings

Leveraging the interactive permission map, you can create highly specific custom monitorings. Because 1Security understands the full context of your tenant—users, files, sensitivity, and activities—you can set up alerts for exact scenarios relevant to your organization's security policies.

Sensitivity Scanning

Learn how 1Security performs sensitivity scanning, including supported formats, limitations, and licensing requirements.

SIEM Integration

Stream 1Security alerts and logs into Splunk, Microsoft Sentinel, or any SIEM via scheduled REST polling.

On this page

OverviewPre-configured MonitoringsCustom Monitorings