Blackpoint Cloud Response FAQ
Overview
Activate Blackpoint Cloud Response for active monitoring and unified response across your cloud services, including all associated apps, data, and settings. Cloud Response enables our 24/7 security operations center (SOC) to see contextual data within your cloud environment and provide immediate and active response against anomalous behavior. Further, Cloud Response allows you to set up policy features to implement cyber hygiene processes across all users and monitor events through custom notifications.
Currently, Cloud Response supports Microsoft’s 365 services, namely, Azure Active Directory (AD), Exchange, and SharePoint. The addition of other cloud platforms and identity providers are planned for future iterations so we can continue to provide extensive coverage for our partners and minimize your attack surface.
July 2022 Update: We are pleased to announce that additional protection is available for Microsoft 365 in Blackpoint Cloud Response. To take advantage of this update, you will need to grant additional permissions for each domain. You can do this directly in the Cloud Response portal with a click of a button. Note that the notification in the portal will remain visible until you have granted the permissions.
Cloud Response Highlights
- Extends Blackpoint's MDR capabilities into Microsoft's 365 cloud service. This gives our SOC the ability to provide immediate response to adversarial threats, rather than alerting you to take action yourself.
- MDR agent allows our SOC to respond to threats on the endpoint and compromised user accounts in Microsoft 365 with Cloud Response.
- Leverages Blackpoint's nation-state grade MDR technology to provide active monitoring and unified response across both your on-premises and cloud environments.
- Self-serve Cloud Response web application walks users through a simple, guided six-step onboarding process. Use the web application to:
- Manage your Microsoft Azure AD and Exchange policies,
- Control and customize Azure AD, Exchange, and SharePoint event email notifications across a tenant, and
- Control and customize individual user event email notifications within a specific tenant. This includes the ability to schedule future date ranges in the case of known travel to unapproved countries.
- Complimentary additions of other cloud platforms and identity providers (enhancements planned throughout 2022 and 2023).
Frequently Asked Questions
Is Blackpoint MDR required for Cloud Response?
Yes. Cloud Response is an add-on solution to our proprietary MDR technology. Our 24/7 SOC leverages our MDR technology to see the contextual data needed to provide immediate response in your Microsoft 365 cloud environment.
How will Cloud Response be priced?
Please contact your Blackpoint partner success manager to learn about pricing.
How will I be charged?
Your Cloud Response costs will be charged per user per month. These charges will be included in your standard monthly Blackpoint MDR bill.
What immediate actions are Blackpoint SOC able to make during a security event?
After you have successfully set up Cloud Response, our 24/7 SOC will take decisive actions against any malicious activity on your behalf. Our SOC analysts have the ability to lock and unlock accounts, expire tokens, and force a password reset.
Will I see Cloud Response for Microsoft 365 alerts in SNAP-Defense?
Email notifications set up in Cloud Response are independent from SNAP-Defense notifications. Only critical alerts will appear in SNAP-Defense. All other email notifications must be configured in Cloud Response.
Will Blackpoint add more cloud platforms and identity providers?
Yes. Additional cloud platforms and identify providers will be added in future releases of Blackpoint Cloud Response.