Time is everything when it comes to cyber threats. One of our clients saw that first-hand recently when a suspicious sign-in was detected and actioned in just minutes — all without any disruption to their day.
Behind the scenes, this was more than just good luck or a responsive analyst. It was the result of smart tooling and proactive licensing decisions.
Microsoft 365 Lighthouse raised a high-risk sign-in alert. Our Security Operations Centre (SOC) picked it up immediately.
Within minutes:
All active sessions were revoked
The account was locked down and protected
The user was contacted and guided through secure reauthentication
A full audit trail was captured
No emails compromised. No files accessed. No downtime.
This kind of response just isn’t possible with the standard Microsoft 365 licensing stack. The real hero here was Microsoft Entra ID P1, which we’ve now rolled out across all our managed tenants.
Entra ID P1 enables:
✅ Real-time sign-in risk detection
✅ Conditional Access policies
✅ Identity Protection alerts
✅ Session control and automation
In this case, it gave us the alert. Without it, we wouldn’t have known anything was wrong — until it was too late.
Cyberattacks are becoming more targeted and sophisticated, especially in professional services where data is a goldmine. The speed of your response can be the difference between inconvenience and disaster.
With Entra ID P1 in place, we’re able to:
Detect risky sign-ins (even those that don’t trigger MFA)
Automate containment steps like session revocation
Investigate, escalate, and act — fast
Licensing isn’t the most exciting part of IT, but in this case, it’s what allowed us to deliver a real win. If you’re relying on default Microsoft 365 security, you’re missing the tools that matter most.
Want to know if your Microsoft 365 setup is giving you the protection you need?
Let’s talk. We’ll review your security posture and show you how Entra ID P1 fits into a modern, zero-trust approach.