Share on:

You’ve likely found yourself here looking for a way to get more visibility into your Microsoft 365 environment. Or, you’re looking for an affordable, easy way to meet cybersecurity insurance and/or compliance requirements for log monitoring, SIEM (security information and event management), threat detection and response. 

If so, you may be interested in learning more about what Blumira can offer in our free edition, and what to expect once you sign up. Get started easily in minutes with this simple guide, adapted from our detailed documentation article Getting Started that’s available in our free help center.

While our free edition is a great way to explore Microsoft 365 security, our affordable paid editions provide expanded coverage with unlimited integrations, longer data retention, 24/7 security operations team support for critical priority issues and much more (more details below). Each edition is priced predictably per user so you don’t have to worry about spikes in data ingestion fees or additional costs per host or endpoint as your organization grows.

How Does It Work?

Once you sign up and connect your organization’s Microsoft 365 application to Blumira, our platform will collect, centralize, analyze and monitor your organization’s logs for suspicious activity. We’ll send you a finding whenever we identify something unusual or suspicious, plus provide you with instructions on how to resolve the issue quickly. 

It’s easy for IT admins to set up fast and start seeing security value. See how you can get started:

Sign Up Fast

Once you’ve filled out Blumira’s free edition form on blumira.com/free, sign up in our product one of two ways:

1. Existing Microsoft account (single sign-on or SSO):

Click Continue with Microsoft and you’ll be logged in automatically using your existing Microsoft login credentials.

2. Email address

Click Sign up with email and enter your email address

Check your inbox for a message from Blumira and follow the instructions to verify your account and log in to Blumira.

Easily Connect to Microsoft 365

Next, set up your integration with Microsoft 365 – send your logs to Blumira and our platform will analyze these logs to detect, notify and help you respond to threats.

See our article on Integrating with Microsoft 365 for pre-requisites and detailed steps.

Once you’ve completed configuration and gathered IDs/secret key on the Microsoft side, you can configure your integration using Blumira’s Cloud Connectors.

1.On the Welcome screen, click Connect to Microsoft 365

2. Copy and paste in the IDs and secret key (note: you must have Global Admin privileges and enable Auditing in your compliance settings)

3. Click Continue to complete setup. Blumira will immediately start importing your logs and automatically applying detection rules to your account.

See Security Value

Click Go to Summary Dashboard, or find it under Dashboards > Summary to explore the value of Blumira’s detection and response. See each feature explained below:

Depending on your log data, it may take some time before real findings are generated. Blumira’s approach to threat detection is to test, tune and refine rules to reduce the number of noisy false positive alerts you receive, and focus on real patterns of attacker behavior. 

Learn more about our detections and approach in Blumira’s Threat Detection data sheet (PDF).

Example Findings & Playbooks

To see example findings and playbooks, click on Generate sample findings:

NOTE: These are available only as examples of what Blumira may detect — they are not based on any real customer data, users, endpoints, etc.

Above, you’ll see a finding analysis of suspicious activity detected. This one is titled “Creation of a forwarding/redirect rule.” 

Why is this an important finding for security?

  • This is one technique often used in business email compromise (BEC) attacks that use social engineering to commit acts of fraud
  • Attackers may create inbox rules to lengthen the amount of time before a compromise is detected
  • These rules may remove email from sent folders or delete incoming messages to a victim’s mailbox

We give you all of the data you need in this finding, plus a workflow to guide you through next steps for faster resolution.

Active Rules & Security Reports

On your summary dashboard, you can click on Detection Rules to see a complete list of rules active in your account, meaning Blumira is analyzing your logs for indicators of this suspicious and threat-related behavior:

And you can click on Reports to see a list of all security reports you can view after your logs have been imported to Blumira’s platform:

Many different compliance regulations require organizations to review user access and login activity. 

Blumira allows you to easily run and review reports with just a few clicks, including reports on failed Azure AD user login attempts, password changes and resets, successful logins outside of the U.S. and more. Blumira’s platform also automates log review and analysis, sending you findings of any anomalous user activity.

Learn more about Blumira’s security reports.

Blumira’s Paid Editions

Here’s what you get in each of Blumira’s different paid editions:

Microsoft 365

Free users can upgrade to the Microsoft 365 paid edition to gain access to:

  • 24/7 SecOps (security operations) team support for critical priority issues, full security & tech support, webinar access to help with M365 and using Report Builder
  • 30 days of data retention (extended from 7 days in the Free edition), useful for historical overview and investigation
  • Advanced reporting features, like Scheduled Reports to send custom reports periodically
  • Additional dashboards for responders, managers and security admins to easily view security trends in your environment at a glance
  • Detection Rule Management to see all active rules, detailed detection analyses and the ability to toggle rules on/off to customize them to your organization’s needs


Get everything in the paid Microsoft 365 edition, plus:

  • 3 key cloud integrations – Microsoft 365, Duo Security and SentinelOne
  • 24/7 SecOps team support for urgent priority issues, full security & tech support and webinar access for M365, Duo, SentinelOne and Report Builder
  • 1 year of data retention, ideal for meeting compliance and cybersecurity insurance requirements


Get everything in the Cloud edition, plus:

  • Unlimited integrations for on-premises and cloud, including infrastructure (AWS), endpoint security, firewalls, servers, and more for easy correlation of data and full coverage across your entire environment
  • Dynamic blocklists to immediately block threats through Blumira’s platform via firewall integration; no human intervention required
  • Honeypots you can easily set up using our sensor to detect lateral movement and unauthorized access attempts
  • 24/7 SecOps team support for urgent priority issues, full security & tech support
    • Periodic network scanning and one network attack surface assessment
    • 3 one-on-one onboarding sessions with a TAM (Technical Account Manager)
    • Webinar access for Microsoft 365, Duo, AWS, SentinelOne, Report Builder and troubleshooting log ingestion
    • Quarterly business reviews for organizations that qualify for our Executive Sponsorship Program (ESP)

Pay Per User For Additional Features

Free users can easily upgrade to different tiers of Blumira’s platform by navigating to Settings > Billing and selecting a plan that fits their organization’s needs:

From there, you can select either a monthly or yearly plan. Then click on Launch Stripe Portal.

Enter your total user count in “Update Quantity.” Blumira defines a user as the number of knowledge workers in your organization. For example, if you have 80 employees working at your company, you would enter that amount.

Then fill out your payment info and click Subscribe

Predictable, Affordable SaaS Pricing

We make it easy for you to predict your security costs annually and monthly so you can budget accordingly – no need to ask your board or finance team for more budget due to unpredictable log ingestion fees, or pay for additional hosts or endpoints.

Our editions are set at a per-user subscription model. We define a user as the number of knowledge workers in your organization, or basically the number of employees with emails who use them. 

On average, our solution is 20-50% more affordable than other detection, response and SIEM solutions available in the market today, and provides greater security value designed specifically for SMBs to easily set up, use and manage with their existing team.

Experience Blumira’s Free edition by signing up today – no credit card or sales conversation required to get started:

Free Trial

Security news and stories right to your inbox!