Identity Threat Detection and Response (ITDR) for Office 365

Service Definition • Armstrong Bell • 21 May 2026

Document summary

This document provides detailed information about the services offered to customers utilising our Identity Threat Detection and Response (ITDR) for Office 365 solution. It is designed to provide clarity on the scope of items included within the overall service provision.

Core service provision

Our ITDR service is designed to enhance the security of Office 365 environments by providing advanced threat detection, 24/7 monitoring, and expert-led response. The service provides the following robust feature set:

  • Continuous monitoring of Office 365 activity, including email, SharePoint, OneDrive, and Teams
  • Advanced detection of sophisticated threats such as account takeovers, phishing attacks, and privilege escalations
  • Real-time incident response to contain and mitigate threats before they impact operations
  • Detailed reporting and analytics to track security incidents and improve defence strategies

The solution is jointly managed by our in-house team and Huntress' Security Operations Centre (SOC), ensuring that threats are detected and mitigated proactively. Huntress are well known within the industry as a leading provider of threat response services using a highly talented in-house team.

Service desk support

Customers can contact our dedicated support team for assistance with queries or incidents. Typically, issues are raised by the Huntress Security Operations Centre when alerts are triggered; however, the customer may also raise issues where required. Likely topics are:

  • Investigating and responding to alerts related to suspicious Office 365 activities.
  • Resolving issues with blocked or flagged legitimate activities.
  • Providing guidance on improving security settings within the Office 365 platform.

Service coverage is provided in line with the customer’s existing Managed IT Service support contract.

Alert management

Our team receives and manages alerts for a variety of events within the Office 365 environment, including:

  • Unusual login patterns or suspicious access attempts
  • Detection of phishing, malware, or ransomware attacks
  • Critical incidents such as account compromises or data breaches

Each alert is reviewed for impact, and if necessary, appropriate actions are taken to mitigate risks. Communications are sent to customers detailing the incident and recommended steps.

Available reporting

The most common report is a post-incident report that summarises the findings from the completed investigation, together with any next steps that should be undertaken.

Vendor escalation

Our team collaborates with Huntress to review any generated incidents and alert data as required. Remediation steps and recommended actions are supplied by Huntress to our team, with further support available if needed. This process is fully managed by our team, at no additional cost to the customer.

Addition of new features

When new features are introduced to the platform that could enhance customer security, these are evaluated for suitability. If any feature requires service disruption or adjustments to existing functionality, customers are notified in advance, and a collaborative approach is taken to implement the changes.

Significant customisations or integrations requiring extensive effort will be scoped and discussed separately with the customer.

On-boarding

The on-boarding steps for the core components are listed below:

  1. Initial assessment and configuration
    • Review the existing Office 365 environment, including licensing and security settings
    • Identify priority areas for protection, such as high-value accounts and sensitive data
  2. Platform integration
    • Connect Office 365 to the ITDR platform for real-time monitoring and analysis
  3. Policy and alert configuration
    • Define policies for detecting and responding to threats
    • Configure alerting and reporting
  4. Baseline threat analysis
    • Perform an initial scan of the Office 365 environment to identify existing threats or vulnerabilities
    • Deliver a baseline report with recommendations for immediate improvements
  5. Incident response planning
    • Establish protocols for responding to detected threats, including escalation procedures
    • Align response workflows with the organisation’s existing incident response plan