Understanding Office 365 Logon Events to Catch Intrusion Attempts

Webinar Registration

Let’s say you are being targeted.  Because of your good security the attacker has failed in his attempts to gain access to any internal end points.  But he knows you use Office 365 and he realizes that important information is always to be found in email.  After all we work on what’s important and send and receive a lot of email about whatever we are working on. 

So the attacker searches LinkedIn, Data.com and other sites to identify the people at your organization likely to have access to the information he needs.  With that information, he begins attacking those accounts directly on Office 365.


  • Would you even know the attack was taking place?
  • What could you do about it?
  • Would you have any idea if it were successful?
  • Could you correlate this activity from other activity affecting the same person but on different cloud or on-premises environments, or originating from the same attacker?

In this real training for free webinar, we will do a deep-dive specifically on logon/logoff events from the Office 365 / Azure AD audit logs. 

I will show you:

  • How to get these events
  • Which events are logged
  • What data is provided
  • How events look different depending on whether you use federation (e.g. ADFS) or not

Then we will discuss how to analyze these data to detect risks and correlate with other threats.  AlienVault is our sponsor and Sacha Dawes will briefly show you how AlienVault USM Anywhere combines Office 365/Azure AD audit data with the rest of your security activity to alert you to threats.

Please join me for this technical, real training for free event.

First Name:   
Last Name:   
Work Email:  
Job Title:  

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources