New update! We’re now offering more cloud integrations and doubling data retention for our Free SIEM edition.
You’ve likely found yourself here looking for a way to get more visibility into your Microsoft 365 environment. Or, you’re looking for an affordable, easy way to meet cybersecurity insurance and/or compliance requirements for log monitoring, SIEM (security information and event management), threat detection and response.
If so, you may be interested in learning more about what Blumira can offer in our free edition, and what to expect once you sign up. Get started easily in minutes with this simple guide, adapted from our detailed documentation article Getting Started that’s available in our free help center.
While our free edition is a great way to explore Microsoft 365 security, our affordable paid editions provide expanded coverage with unlimited integrations, longer data retention, 24/7 security operations team support for critical priority issues and much more (more details below). Each edition is priced predictably per user so you don’t have to worry about spikes in data ingestion fees or additional costs per host or endpoint as your organization grows.
How Does It Work?
Once you sign up and connect your organization’s Microsoft 365 application to Blumira, our platform will collect, centralize, analyze and monitor your organization’s logs for suspicious activity. We’ll send you a finding whenever we identify something unusual or suspicious, plus provide you with instructions on how to resolve the issue quickly.
It’s easy for IT admins to set up fast and start seeing security value. See how you can get started:
Sign Up Fast
Once you’ve filled out Blumira’s free edition form on blumira.com/free, sign up in our product in one of two ways:
1. Existing Microsoft account (single sign-on or SSO):
Click Continue with Microsoft and you’ll be logged in automatically using your existing Microsoft login credentials.
2. Email address
Click Sign up with email and enter your email address.
Check your inbox for a message from Blumira and follow the instructions to verify your account and log in to Blumira.
Easily Connect to Microsoft 365
Next, set up your integration with Microsoft 365 – send your logs to Blumira and our platform will analyze these logs to detect, notify and help you respond to threats.
See our article on Integrating with Microsoft 365 for prerequisites and detailed steps.
Once you’ve completed configuration and gathered the IDs and secret key on the Microsoft side, you can configure your integration using Blumira’s Cloud Connectors.
1. On the Welcome screen, click Connect to Microsoft 365
2. Copy and paste in the IDs and secret key (note: you must have Global Admin privileges and enable Auditing in your compliance settings)
3. Click Continue to complete setup. Blumira will immediately start importing your logs and automatically applying detection rules to your account.
See Security Value
Click Go to Summary Dashboard, or find it under Dashboards > Summary to explore the value of Blumira’s detection and response. See each feature explained below:
Depending on your log data, it may take some time before real findings are generated. Blumira’s approach to threat detection is to test, tune and refine rules to reduce the number of noisy false positive alerts you receive, and focus on real patterns of attacker behavior.
Learn more about our detections and approach in Blumira’s Threat Detection data sheet (PDF).
Example Findings & Playbooks
To see example findings and playbooks, click on Generate sample findings:
NOTE: These are available only as examples of what Blumira may detect — they are not based on any real customer data, users, endpoints, etc.
Above, you’ll see a finding analysis of suspicious activity detected. This one is titled “Creation of a forwarding/redirect rule.”
Why is this an important finding for security?
- This is one technique often used in business email compromise (BEC) attacks that use social engineering to commit acts of fraud
- Attackers may create inbox rules to lengthen the amount of time before a compromise is detected
- These rules may remove email from sent folders or delete incoming messages to a victim’s mailbox
We give you all of the data you need in this finding, plus a workflow to guide you through next steps for faster resolution.
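To make the forwarding-rule finding concrete, here is an added example (not Blumira's detection logic and not part of the original post) that scans Microsoft 365 audit records for inbox-rule operations that forward or redirect mail. The sample records are constructed, and the severity labels and the same-domain test for "external" are assumptions made for illustration.

```python
import json

# Exchange inbox-rule parameters that send mail to another address.
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}

# Constructed sample records shaped like Microsoft 365 audit log entries (one JSON object per line).
SAMPLE_LOG = """
{"CreationTime":"2024-01-10T09:12:44","Operation":"New-InboxRule","UserId":"pat@example.com","ClientIP":"203.0.113.7","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"drop@mail.example.net"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2024-01-10T09:30:02","Operation":"New-InboxRule","UserId":"sam@example.com","ClientIP":"198.51.100.20","Parameters":[{"Name":"Name","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"CreationTime":"2024-01-10T10:01:15","Operation":"Set-InboxRule","UserId":"lee@example.com","ClientIP":"198.51.100.21","Parameters":[{"Name":"RedirectTo","Value":"lee.assistant@example.com"}]}
{"CreationTime":"2024-01-10T10:05:00","Operation":"UserLoggedIn","UserId":"pat@example.com","ClientIP":"203.0.113.7"}
"""

def domain(addr):
    """Lower-cased domain part of an address such as 'smtp:a@b.example'."""
    return addr.rsplit("@", 1)[-1].strip().lower()

def analyze(record):
    """Return a finding for a rule that forwards or redirects mail, else None."""
    if record.get("Operation") not in RULE_OPS:
        return None
    params = {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}
    targets = [a.strip() for name in FORWARD_PARAMS
               for a in params.get(name, "").split(";") if a.strip()]
    if not targets:
        return None  # e.g. a rule that only files mail into a folder
    # Assumption: a target outside the user's own mail domain counts as external.
    external = any(domain(t) != domain(record["UserId"]) for t in targets)
    # Forwarding combined with deletion hides the activity from the mailbox owner.
    deletes = params.get("DeleteMessage", "").lower() == "true"
    severity = "high" if external and deletes else "medium" if external else "low"
    return {"time": record.get("CreationTime"), "user": record["UserId"],
            "source_ip": record.get("ClientIP"), "targets": targets,
            "external": external, "deletes_mail": deletes, "severity": severity}

def find_forwarding_rules(log_text):
    """Analyze every non-empty JSON line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            finding = analyze(json.loads(line))
            if finding:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in find_forwarding_rules(SAMPLE_LOG):
        print(f)
```

On the sample data, the rule that forwards to another domain and deletes the original is rated highest, the internal redirect is reported at low severity, and the folder-filing rule and the login event produce no finding.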
Active Rules & Security Reports
On your summary dashboard, you can click on Detection Rules to see a complete list of rules active in your account, meaning Blumira is analyzing your logs for indicators of this suspicious and threat-related behavior:
And you can click on Reports to see a list of all security reports you can view after your logs have been imported to Blumira’s platform:
Many different compliance regulations require organizations to review user access and login activity.
Blumira allows you to easily run and review reports with just a few clicks, including reports on failed Azure AD user login attempts, password changes and resets, successful logins outside of the U.S. and more. Blumira’s platform also automates log review and analysis, sending you findings of any anomalous user activity.
Learn more about Blumira’s security reports.
Predictable, Affordable SaaS Pricing
We make it easy for you to predict your security costs annually and monthly so you can budget accordingly – no need to ask your board or finance team for more budget due to unpredictable log ingestion fees, or pay for additional hosts or endpoints.
Our editions are priced on a per-user subscription model. We define users as the knowledge workers in your organization: basically, the employees who have an email address and use it.
On average, our solution is 20-50% more affordable than other detection, response and SIEM solutions available in the market today, and provides greater security value designed specifically for SMBs to easily set up, use and manage with their existing team.
Experience Blumira’s Free edition by signing up today – no credit card or sales conversation required to get started: