Microsoft 365 Email - User Account Targeted Security


Organizations have hundreds of sources generating log events each day, with a large proportion generated by end-users. Most IT departments won’t have the resources to validate the legitimacy of log events leaving suspicious activities going unnoticed.

Voleer Microsoft 365 Targeted Security Notifications can help by generating notifications of potentially suspicious activities to end-users every 7 or 14 days so that they can help verify their activity and alert IT if there is any activity not performed by them.

How it works

The template processes log data across Microsoft 365 and generates end-user specific notifications based on activity as such

  • Compromised third party accounts

  • Login locations

  • Bulk emails sent

  • Granted or received mailbox permissions

  • Added devices


To use this report, you will need to

Getting started

To start using this template, perform the following:

  1. Sign in to your Voleer account or sign up for a new account

  2. Find and click on the tile labelled Microsoft 365 Email - User Account Targeted Security template from the list of templates within the library

  3. Select a workspace from the dropdown, a compatible Dataset and then click on Launch
    Note - If there are no compatible datasets there will be a link to create one.

  4. Configure the template options, then click on Validate Template Configuration

    Note - Section 2: Accounts, Option 3: Filter using SQL query string allows advanced selection of user accounts based on fields and operators.
    For example, using the string JobTitle = ‘%Sales%’ will include all users with the word Sales in their job title.
    Multiple of operators can be combined with AND and OR statements to further refine the records being included. For example, JobTitle = ‘%Sales%’ AND Country = ‘United States’ will include users with the word Sales in their job title who are located in the United States.
    The dataset can be filtered via the following fields:

  • UserPrincipalName
  • DisplayName
  • JobTitle
  • MobilePhone
  • PostalCode
  • Department
  • Country
  • City
  • State
  1. Validate the details of the configuration and then click on Execute. Note - if the configuration is incorrect, cancel the run and start a new instance

  2. Once completed, you will receive an email with a summary of the notifications sent. Clicking on the details of the run link will bring you back into Voleer, allowing you to save the template configuration and schedule the template as a recurring job


Have an issue?

Post a comment in this article and someone will get back to you as soon as possible