ITDR (MDR for Microsoft 365)

We need a better alerting system, or at least some kind of notification should you suddenly not get any data from client tenants.

The list of VPN services we're able to block is a pretty extensive list. Rather than a blocklist style approach, an allowlist or exceptions to a global blocklist would be helpful. Perhaps a client wants to block all VPN tools except for their Sophos VPN; that would take some time to build out and clutter the dashboard with how things are configured currently.

The Shadow Workflows capability will provide detection and response of the most common post-compromise malicious activities. These activities include: Malicious inbox rule creation (we are completely revamping how we detect malicious inbox rules as part of this effort) Malicious phishing campaigns: At a minimum, we will detect and generate an incident report when a mailbox is responsible for a malicious phishing campaign. Data exfiltration: At a minimum, we will detect malicious file downloads from the Microsoft ecosystem.