# 1Security Documentation & Information 1Security is a comprehensive platform designed to safeguard Microsoft 365 environments. It provides deep visibility into permissions, identifies sensitive data, monitors AI-driven threats (such as Copilot interactions), and automates security actions to derive proper Microsoft insights. > Proper MS insights can be natively derived in 1Security, ensuring best-in-class security posture management for M365. ## Platform Features - [Office 365 User Provisioning](https://1security.ai/en/features/office-365-user-provisioning): Adding a user often feels like giving a house sitter the master key. Suddenly, they are checking your safe instead of just watering the plants. 1Security reduces risk by giving admins full visibility into user permissions, external access, and sensitive data exposure so access can be granted or adjusted with confidence. - [Microsoft 365 Alerts Tool](https://1security.ai/en/features/microsoft-365-alerts-tool): Our Alerts Tool surfaces forgotten sharing links, orphaned permissions, and quiet exposures across SharePoint, OneDrive, and Teams — before they turn into headlines. It adds the context Defender can’t, giving you real-time insight into who has access, adding the context and visibility to catch what native tools miss. - [Sharepoint Governance Tool](https://1security.ai/en/features/sharepoint-governance-tool): Microsoft Copilot doesn't leak data–it just borrows it from very unexpected places. AI makes Microsoft 365 smarter, but when access is messy, it follows the mess. 1Security shows what Copilot can access across Microsoft 365 and where exposure risks exist–so you can deploy AI with confidence. - [Office 365 Reporting](https://1security.ai/en/features/office-365-reporting): Office 365 reporting shouldn't feel like filing ten years of taxes all at once. Data is buried across dashboards, multiple admin centers, and APIs–and somehow you still don't know who sees what. 1Security brings it all together, turning tedious data work into clear, exportable reports you can actually trust. - [Microsoft 365 Monitoring Tool](https://1security.ai/en/features/microsoft-365-monitoring-tool): Most organizations assume Microsoft 365 runs itself — until a "test site" from 2019 hides payroll data or Teams multiply like unsupervised rabbits. 1Security's Monitoring Tool fixes that — like a crystal ball that reveals risks, keeps files safe, and spares admins the detective work. - [Copilot Security Tool](https://1security.ai/en/features/copilot-security-tool): Microsoft Copilot doesn't leak data–it just borrows it from very unexpected places. AI makes Microsoft 365 smarter, but when access is messy, it follows the mess. 1Security shows what Copilot can access across Microsoft 365 and where exposure risks exist–so you can deploy AI with confidence. - [Microsoft 365 Inventory Tool](https://1security.ai/en/features/microsoft-365-inventory-tool): Microsoft 365 is like the attic nobody dares to open. Ghost Teams, forgotten SharePoints, and abandoned OneDrives packed with files from people long gone. IT shows up to clean the mess with a flashlight, only to regret it fast. 1Security’s Inventory Tool brings order—consolidating accounts, permissions, and resources into one dashboard. - [Microsoft 365 Audit Tool](https://1security.ai/en/features/microsoft-365-audit-tool): Most companies treat Microsoft 365 like a self-cleaning oven. Until an audit reveals a 'temp-backup-final-v3' SharePoint site from 2019. And—surprise—HR data is shared with external Gmail addresses. And the solution, of course: 'the IT team will fix it'. The Microsoft 365 Audit Tool from 1Security fixes this. - [Office 365 Access Management](https://1security.ai/en/features/office-365-access-management): Microsoft 365 permissions don’t explode—they pile up. Guests that never leave, files marked “public” by mistake, and forgotten external users that still have access. 1Security’s Access Management Tool untangles the mess, showing exactly who can see what—simple, safe, and audit-ready. ## Use Cases - [Copilot readiness assessment](https://1security.ai/en/use-cases/copilot-readiness-assessment): Turning on Microsoft Copilot without checking permissions is like handing a megaphone to the office gossip. Suddenly, company secrets are broadcasted loudly to everyone. 1Security gives you clear visibility into permissions and sensitive data exposure before you roll out Copilot, so AI only works with data users are meant to see. - [External Links Sharing](https://1security.ai/en/use-cases/external-links-sharing): In Office 365, "anyone links" spread fast, and guest access never really leaves. 1Security helps organizations manage external sharing settings across Microsoft 365 by detecting risky shared links, restricting external users, and locking down exposure to keep collaboration secure. - [Microsoft 365 Audit and Investigation](https://1security.ai/en/use-cases/microsoft-365-audit-and-investigation): Auditing Microsoft 365 can feel like watching a wall of security cameras with no labels and no timeline. The footage is there, but you don’t know which screen matters, who’s in the frame, or when the real incident started. You’re forced to scrub through recordings and guess. 1Security tags every action, stitches events together, and gives you a single, searchable narrative instead of hours of silent footage. - [Microsoft 365 Reporting Guest Access](https://1security.ai/en/use-cases/microsoft-365-reporting-guest-access): Your Microsoft 365 has ghosts: ex-vendors, forgotten freelancers, mystery emails and employees that left over 3 years ago that still have SharePoint access. 1Security spots every guest user immediately, turning spooky oversharing into clean, verified access reports your auditors can trust. - [Microsoft 365 Security Audit](https://1security.ai/en/use-cases/microsoft-365-security-audit): You didn’t choose this career to spend late nights hunting through logs and stitching together CSVs. You’ve got better things to focus on. We don’t. 1Security turns every audit into a non-event with automatic visibility, historical insights, and instant comprehensive evidence. - [MS 365 inventory visibility](https://1security.ai/en/use-cases/ms-365-inventory-visibility): Microsoft 365 is full of valuable data—but over time, files, permissions, and guests pile up faster than anyone can track. Data only creates value when it’s organized, visible, auditable, and secure. You wouldn’t keep thirty years of receipts on your desk; 1Security brings clarity to your digital workspace, making your data work for you while keeping your organization safe. - [Office 365 OneDrive Monitoring](https://1security.ai/en/use-cases/office-365-one-drive-monitoring): "Anyone” links, forgotten guests, orphaned OneDrives, and audit logs no one wants to read — OneDrive makes it too easy to lose control. 1Security cuts through the chaos, showing who has access, what’s exposed, and where policy drift puts you at risk. - [Office 365 Real Time Monitoring](https://1security.ai/en/use-cases/office-365-real-time-monitoring): When something goes wrong, you expect to react instantly — to protect your business before a small slip becomes a real incident. But in Microsoft 365, every answer is buried under layers of logs, admin centers, and scattered dashboards. By the time you’ve stitched together what happened, the damage is already done. 1Security gives you immediate clarity, real-time alerts, and a single place to understand every critical change — so you can act now, not after digging. - [Sensitive Data Exposure Map](https://1security.ai/en/use-cases/sensitive-data-exposure-map): You think only five people have access to that sensitive folder. Turns out it’s fifty-seven, including one ex-intern and a mystery Gmail account. 1Security’s Data Exposure Map replaces assumption with proof, giving you the full picture of who can see what in Microsoft 365 and helping your organization protect critical data before it’s exposed. - [SharePoint External Sharing](https://1security.ai/en/use-cases/sharepoint-external-sharing): No more surprise “Anyone links,” forgotten guests, or settings buried in admin center rabbit holes. 1Security shows who has access, how they got it, and where sensitive files are exposed—so you can share confidently and pass audits without drama. - [SharePoint Online Storage Optimization](https://1security.ai/en/use-cases/share-point-online-storage-optimization): Storage is cheap–until it isn’t. Forgotten SharePoint sites, outdated content, and inactive folders quietly eat storage capacity and push you toward storage limits. 1Security shows where content lives, who can access it, and where exposure exists–so you can cut risk and avoid unnecessary storage spend. - [Office 365 activity report](https://1security.ai/en/use-cases/office-365-activity-report): Office 365 is your operating system. So why does it feel like a black box? You generate millions of user activity events—logins, downloads, shares—but have little visibility into what they actually mean. Native reports give you lists, not answers. 1Security connects those scattered signals into a single, context-rich view, showing how data moves, who touches it, and where risks are hiding. - [Office 365 user monitoring](https://1security.ai/en/use-cases/office-365-user-monitoring): A week before resigning, an employee downloads 2,000 sensitive files to a personal drive. In native logs, it looks like normal work. In 1Security, it’s a red flag. Fragmented signals often stay hidden until panic sets in. 1Security turns scattered activity into a clear narrative, helping teams spot risky exit behavior and prove control. No more guesswork—just answers. - [Microsoft Copilot Privacy Policy](https://1security.ai/en/use-cases/microsoft-copilot-privacy-policy): Deploying Copilot without a privacy check is like giving a super-enthusiastic intern a master key to every file cabinet in the office. They will find everything, including the salary spreadsheet and the CEO’s drafts. And they will happily summarize it for anyone who asks. 1Security ensures your AI assistant only reads what it is supposed to. - [Address false positive (MS Defender)](https://1security.ai/en/use-cases/address-false-positive-ms-defender): Validating Microsoft Defender alerts is like checking a car alarm that goes off every time the wind blows. Over time, you stop looking—and that’s when the real break-in happens. Defender is great at detecting suspicious logins, unusual access, or malware—but it only tells you the alarm fired. 1Security adds the missing context, showing which alerts matter and how to act before real damage happens. - [Microsoft 365 Safe Links](https://1security.ai/en/use-cases/microsoft-365-safe-links): Anonymous links age like evidence in the rain. Quick collaboration becomes permanent exposure that auditors find and attackers scan. 1Security makes Microsoft 365 link governance forensically accountable. We surface every link and connect it to sensitivity context. You get investigations in minutes, ensuring sharing stays productive without compliance disasters. - [Microsoft 365 Security Log ](https://1security.ai/en/use-cases/microsoft-365-security-log): Investigating Microsoft 365 activity with native logs is like building IKEA furniture with mixed-up manuals and screws that vanish after 90 days. You end up with a pile of events that tells you nothing about the data theft. 1Security clears the floor. We filter the noise and deliver Permission Forensics that answer hard questions in minutes. - [Office 365 High Severity Alert](https://1security.ai/en/use-cases/office-365-high-severity-alert): "If “high severity” means “figure it out yourself,” something’s wrong. When a "Mass file download" alert hits, your team bounces between admin portals, guessing if it is a breach or a contractor in a cafe. 1Security adds the forensic context missing from native tools. Stop guessing and respond in minutes, not days. - [Microsoft 365 GDPR](https://1security.ai/en/use-cases/microsoft-365-gdpr): GDPR compliance in Microsoft 365 with native tools feels like running a museum where doors move, visitors wander freely, and no one remembers where the sensitive exhibits are. 1Security restores order by revealing access, risky sharing, and clear evidence trails so audits stop feeling like guided guesswork. - [Office 365 incident report](https://1security.ai/en/use-cases/office-365-incident-report): Microsoft 365 incidents rarely kick down the door. They sneak up as a question you wish you didn’t have to ask. Who accessed this file? When did it change? Was it shared outside? Teams dig through logs and admin portals while the clock keeps ticking. 1Security brings structure to Office 365 incident reporting, turning scattered signals into a clear, defensible incident report. - [ Office 365 Permissions Report Software](https://1security.ai/en/use-cases/office-365-permissions-report-software): Trying to audit permissions in Microsoft 365 is like being dropped in a giant hedge maze... blindfolded. You know there's an exit, but every turn is a guess. You're stuck hopping between portals, running complex scripts, and still not seeing who has access to what. 1Security gives you the map, delivering one simple view of every path and user. - [Microsoft 365 lifecycle management](https://1security.ai/en/use-cases/microsoft-365-lifecycle-management): If your tenant resembles a digital episode of Hoarders — except the clutter is 50,000 abandoned SharePoint sites — you’re already in trouble. Sorting trash from treasure manually doesn’t scale, leaving sensitive data exposed and compliance risk growing. 1Security restores Microsoft 365 lifecycle control by clearly showing what to keep, archive, or delete. - [Office 365 login report](https://1security.ai/en/use-cases/office-365-login-report): Investigating native sign-in logs is like being handed a 10,000-piece jigsaw puzzle where every piece is blank. By the time you figure out if an alert is a real breach or just Bob logging in from a coffee shop, the damage is done. 1Security decodes this chaos, giving your team the exact context they need to spot real threats and ignore the noise. - [Office 365 Failed Login Attempts Report](https://1security.ai/en/use-cases/office-365-failed-login-attempts-report): Identity is the new battleground: attackers no longer break into systems, they log into them. Over 70% of breaches involve compromised or excessive permissions, leaving behind a trail of failed login attempts. Ignoring these spikes is like ignoring someone testing your office doorknob every night. It’s an active threat, and stopping it requires turning those scattered breadcrumbs into a clear, actionable forensic trail. - [Microsoft Teams user onboarding](https://1security.ai/en/use-cases/microsoft-teams-user-onboarding): Manual onboarding is like handing a toddler a smartphone—risky and unpredictable. You create a user account in Microsoft Entra ID, assign a license , and pray permissions don't leak company data. 1Security turns this chaotic workflow into a secure engine. We help you verify employee onboarding , ensuring every new user gets the right access—and nothing more—without the security nightmares. - [Office 365 Check Who Has Access to Mailbox](https://1security.ai/en/use-cases/office-365-check-who-has-access-to-mailbox): Your Office 365 is haunted by ghosts: ex-assistants and vendors with "temporary" access from 2019. Hunting them means clicking through Exchange, Entra ID, and Admin Center, chasing data that isn't connected. NIS2 demands you exorcise these risks or face fines. 1Security shines a light on every hidden delegate instantly, turning access gaps into audit-ready proof without the click-marathon. ## Competitor Alternatives ## Technical Documentation - [Agents](https://1security.ai/en/docs/agents): Unified governance for every AI agent in your tenant - Copilot, Entra, and third-party - with the access insights and licensing you need to see them all. - [Connecting Tenants](https://1security.ai/en/docs/connecting-tenants): Connect additional Microsoft 365 tenants and troubleshoot connection issues. - [Getting Started with 1Security](https://1security.ai/en/docs/getting-started): A practical guide to navigating 1Security, understanding your data, and getting value from the platform fast. - [Installation](https://1security.ai/en/docs/installation): Choose the deployment model that fits your security and compliance needs. - [Integrations & Modules](https://1security.ai/en/docs/integrations-modules): Expand 1Security's capabilities through modular integrations while maintaining the principle of least privilege. - [Location Intelligence](https://1security.ai/en/docs/location): See where every action really comes from - spot impossible travel, risky networks, and account compromise, while cutting through Microsoft's own datacenter noise. - [Monitorings](https://1security.ai/en/docs/monitorings): Track your tenant over time using customizable and pre-configured monitorings based on the permission graph. - [NIS2](https://1security.ai/en/docs/nis2): Meet NIS2's 24-hour and 72-hour incident reporting deadlines with three years of forensic history, live risk visibility, and evidence for every Article 21 measure - on standard Microsoft 365 licenses. - [Permission Graph](https://1security.ai/en/docs/permission-graph): One interactive map of every identity, resource, and permission in your tenant - so "why does this user have access to this file?" becomes a path you can see, not a project. - [Your First Scan](https://1security.ai/en/docs/scans): Understand what happens after you connect the tenant - and how to read the results. - [Sensitivity Scanning](https://1security.ai/en/docs/sensitivity): Find sensitive data across Microsoft 365 with 1Security's own 300-detector scanning engine - including OCR for scans and screenshots - on a standard license, no E5 or Purview required. - [Welcome](https://1security.ai/en/docs/welcome): Documentation for 1Security - the identity-and-permission forensic platform for Microsoft 365. Answer who has access to what, and what they did with it, on standard licenses. - [Why 1Security](https://1security.ai/en/docs/why-1security): Access permissions are the - [SIEM Integration](https://1security.ai/en/docs/guides/siem-integration): Stream 1Security alerts and logs into Splunk, Microsoft Sentinel, or any SIEM via scheduled REST polling. - [API Reference](https://1security.ai/en/docs/reference/api): Pull-based REST API for streaming 1Security monitoring alerts, audit logs, and security alerts into a SOC, MSSP, or SIEM. - [Configuration](https://1security.ai/en/docs/reference/configuration): Every configurable knob in 1Security and its default value. - [Activity Logs](https://1security.ai/en/docs/screens/activity-logs): A unified, three-year audit trail of who did what, when, from where, and on which device - across all of Microsoft 365, without premium licenses. - [Agents](https://1security.ai/en/docs/screens/agents): Govern every AI agent in your tenant - what each can actually read across files, sites, users, and email, who deployed it, and how to constrain it before rollout. - [Apps](https://1security.ai/en/docs/screens/apps): Discover every application connected to your tenant - including the ones users consented to without IT - and see exactly what each can read, who let it in, and whether it's still used. - [Devices](https://1security.ai/en/docs/screens/devices): See every device touching your data - including the ones Microsoft never told you about - and answer whether your information is being accessed from machines you don't control. - [Emails](https://1security.ai/en/docs/screens/email): Watch how data actually moves through email - outbound sensitive content, impersonation via delegated sending, and thread evidence that survives deletion. - [Files](https://1security.ai/en/docs/screens/files): Answer the question every access review stalls on - who has access to our files, and why - for every user, link, app, and AI agent across Microsoft 365. - [Groups](https://1security.ai/en/docs/screens/groups): See what membership in any group actually unlocks - nested members, hidden external users, and the files and sites a single group grants access to. - [Licenses](https://1security.ai/en/docs/screens/licenses): Find the Microsoft 365 seats you're paying for and nobody uses - unassigned units, licenses on guests, and subscriptions drifting toward a bad renewal. - [Sensitive Info](https://1security.ai/en/docs/screens/sensitive-info): A live map of where regulated data actually lives - every sensitive information type traced to the files, emails, sites, groups, users, and apps that can reach it. - [Sensitivity Labels](https://1security.ai/en/docs/screens/sensitivity-labels): Measure what your Microsoft Purview labels actually cover - real file and email counts per label, which labels truly protect, and where classification exists only on paper. - [Sites](https://1security.ai/en/docs/screens/sites): See every place your data actually lives - every SharePoint site, Teams site, and personal OneDrive - and find the ones that are abandoned, wide open, or feeding your AI. ## Blog Posts - [undefined](https://1security.ai/en/blog/can-my-employer-see-my-office-365-documents): - [undefined](https://1security.ai/en/blog/microsoft-365-security-best-practices-2026-checklist): - [undefined](https://1security.ai/en/blog/best-practices-for-office-365-security-monitoring):