Skip to main content
👤 Identity is the new perimeter  ·  Powered by Guardz ITDR

Stop the account takeoversyour firewall can't see.

Real-time AI detection across Microsoft 365 and Google Workspace — credential theft, MFA bypass, session hijack, risky sign-ins, OAuth abuse — backed by 24/7 expert response.

Get started →Talk to us

Powered by Guardz ITDR on the unified MDR platform.

protek-it-itdr — identity-threat-detection | m365 + google-workspace● 2 Identities MonitoredIDENTITY MONITORalmartin@mariettapm.comM365 · Admin role⚠ SUSPICIOUSImpossible travel detectedalmartin@mariettapm.comGoogle Workspace · OwnerSECUREMONITORING FORImpossible TravelMFA BypassOAuth AbuseSession HijackInbox Rule Manipulation · BEC1ActiveIDENTITY EVENT FEEDLIVE⚠ Impossible Travel — almartin@mariettapm.comLogin: Atlanta GA → Lagos Nigeria · 14 min apartM365 · Now · Session suspended pending reviewRisky OAuth app granted — almartin@mariettapm.comApp: "DocuSign Clone" · Full mailbox access requested · 32m agoInbox rule created — forward all to externalRule: fwd → attacker@protonmail.com · BEC indicator · 1 hr agoMFA challenge passed — almartin@mariettapm.comNormal sign-in · Atlanta GA · Google Workspace · 2 hrs agoPrevious alert resolved — session revokedCompromised session terminated · Jun 10, 2026RISK ANALYSISIdentity risk score74Risk signals detectedImpossible travelRisky OAuth appInbox rule · BECAutomated response① Session suspended automatically② OAuth app revoked③ Admin notified · review requiredMonitoring M365 · Google Workspace · 2 users · real-time AI analysis1 identity incident active · review required

What it does

Identity signals, unified and acted on

Cross-cloud signal correlation

Pulls auth, mailbox, OAuth, and endpoint signals into one normalized identity timeline. The fragmented log story becomes a single incident.

AI detection, low noise

Flags only what matters: impossible travel, token replay, anomalous OAuth grants, MFA fatigue, and suspicious admin role assignments.

Human-led containment

Suspend session, revoke refresh tokens, force MFA reset, disable risky OAuth apps — executed by our SOC, around the clock.

How it works

From OAuth connect to monthly review

01

Connect tenants

OAuth-connect Microsoft 365 and/or Google Workspace. Read-only at first; response permissions added once you're comfortable.

02

Discover users & risk

Inventory of users, admins, MFA coverage, stale accounts, dormant tokens, and exposed OAuth grants within 24 hours.

03

Detect & respond

Continuous monitoring; confirmed identity threats are contained before lateral movement.

04

Monthly hygiene report

Identity posture trend, top risks, and recommended cleanups — reviewed with your account lead.

Built on: Guardz ITDR Microsoft 365 + Google Workspace ProTek IT 24/7 SOC

Security Controls — Live Status

Loading

Endpoint Security

...

Identity Protection

This product
...

Email Protection

...

Cloud Data

...

Dark Web Monitoring

...

Security Training

...

Phishing Simulation

...

External Footprint

...

FAQ

Common questions

Lock down your identities.

Tell us which tenants you'd like covered. We'll come back with scope and timeline within one business day.

Get started with ITDR

A short note about your M365 / Google Workspace footprint is enough.

Protected by Cloudflare Turnstile. By submitting, you agree we may contact you about MPM Tek ProTek IT.