Office 365 Data Security and Threat Detection

Lock down sensitive files and emails, monitor user behavior, and prevent data leaks across Office 365 and on-premises data with a unified data security platform.

Request A Demo

Improve the security of your hybrid IT environment

Using Office 365 alongside on-premises data stores introduces data security and governance challenges that cloud-only security solutions can’t tackle alone.

That’s why thousands of customers use Varonis to monitor and protect petabytes of data from insider threats and cyber attacks. Our platform combines security intelligence from cloud and on-premises data stores, giving you a complete picture of risk, actionable alerts, and automated remediation.

Assess, prioritize, and mitigate your biggest IT security risks

Varonis maps who can access data and who does access data in SharePoint Online, OneDrive, and Exchange Online. We show you where users have too much access and safely automate changes to access control lists and groups, drastically reducing your attack surface.

  • Alerts
  • File Servers
  • Active Directory
  • Exchange
  • SharePoint
  • Exchange Online
  • SharePoint Online
  • OneDrive
  • GDPR
Complete Permissions Visibility
Double-click on a folder, site, or mailbox to see who has access to it, or click on a user or group to see everything they can access – across all your data stores. Varonis figures out nested groups, inheritance, and even identifies folders where permissions aren’t functioning correctly.
Customizable Dashboards & Reports
Intuitive risk dashboards reveal exposed folders, stale data, and accounts with passwords that never expire. Built-in reports help you trend key security metrics and prepare for Office 365 compliance audits. Run reports on demand, or schedule them for automatic delivery.
AI-Powered Recommendations
Our machine learning algorithm flags users with unnecessary access. Acting on these recommendations is a fast and accurate way to reduce risk and get to least privilege. Model permissions changes in a sandbox and commit changes to Office 365 with just a few clicks.

Find and lock down sensitive data that's been shared externally

How much of your sensitive data in Office 365 is open to anyone via anonymous links? Varonis classifies sensitive and regulated data in OneDrive and SharePoint online with our powerful Data Classification Engine, so you can see what’s at risk.

But finding sensitive data is only the beginning. Because Varonis knows who can and who does access data, you can safely lock down at-risk data, remove excessive permissions, and revoke links.

Simulate and commit changes to safely remediate risk

A powerful commit engine can simulate access control changes in a sandbox and commit them when ready. There’s no need to understand all of the idiosyncrasies between Office 365 and on-premises permissions models— Varonis provides a single abstract interface for managing data access.

Take remediation a step further. Automation Engine finds and safely fixes global groups and inconsistent permissions on entire servers with just a few clicks, making remediation projects exponentially faster than manual techniques.

Remove sharing permissions in one click
Remove sharing permissions in one click
See exactly which users would be affected by a permissions change
See exactly which users would be affected by a permissions change
Schedule actions during a change control window
Schedule actions during a change control window
Roll back changes if needed
Roll back changes if needed

Search a unified audit trail of events from Office 365 and beyond

With a unified audit trail, admins or security analysts are only a few clicks away from knowing who's been opening, creating, deleting, or modifying important files, sites, Azure Active Directory objects, emails, and more.

Investigate Office 365 security incidents and troubleshoot issues with a searchable, sortable interface. See a user’s activity across cloud and on-premises systems in a single view. Your complete audit history is always at your fingertips--there’s no need to roll or archive logs.

Prevent data breaches with behavior-driven threat models

Alert on critical activity with who, what, when, where details —before and after states, data sensitivity, IP address, and more. Risk assessment insights give SOC analysts rich context with every alert, including deviations from historical baselines, peer analysis, watch list membership, devices used, geolocation, and more.

With over 100 threat models, DatAlert detects everything from unusual mailbox activity, to insider threats, to known ransomware behavior. Take automatic action to disable a compromised account, kill active sessions, and send alerts to your SIEM for further analysis and correlation.

Unauthorized privilege escalations
Mass delete behaviors
Abnormal lockout behaviors
Attempts to damage and destroy operational files
Exploitation tools
Membership changes
Modifications to critical files and units
Modifications to critical GPOs
Suspicious access activity
Permission changes
Brute force attacks
Attempted data exfiltration
Ransomware behavior
Unusual file activity
Unusual mailbox and email activity
Access to sensitive data
Unauthorized access attempts
Unusual encryption activity


7 Best Practices for Data Security in Office 365 and Beyond

Want to protect data wherever it lives? A strategic hybrid data security program is vital. Follow these 7 best practices for data security in Office 365 and beyond.

Office 365 compliance reporting
Office 365 compliance reporting

Out-of-the-box security audit reports mapped to specific regulatory standards, including GDPR, PCI-DSS, HIPAA, SOX, GLBA, FISMA/NIST, and more.

Exchange online non-owner mailbox auditing
Exchange online non-owner mailbox auditing

Find users with overly delegated mailbox permissions and alert on suspicious activity, such as sysadmins reading executive emails and marketing messages as unread.

SharePoint Online & OneDrive data access auditing
SharePoint Online & OneDrive data access auditing

Get a detailed audit trail of actions on documents, lists, sites, and more. We combine and analyze Office 365 and on-premises events together to build a complete risk profile.

Access request workflows
Access request workflows

Authorization workflows let users request access to folders, groups, distribution lists, and SharePoint sites, folders, and lists through an easy-to-use web form.

Entitlement reviews
Entitlement reviews

Reviews are delivered directly to data owners which lets them see who currently has access to their data and make changes without any involvement from IT.


Frequently Asked Questions

What's the install like?

It’s simple and painless: DatAdvantage for Office 365 is an agentless installation, configured in a few steps.


How do you collect data?

All data collected via secured and official Microsoft APIs.

Get a personalized Office 365 risk assessment

We’ll show you identify your biggest security gaps and give you tailored operational plan to reduce risk, detect threats, and drastically improve your security posture in Office 365.