
SaaS Alerts: Account Monitoring to Keep Data Safe

By Ted Brown | June 6, 2023
Ted Brown is Ntiva’s Director of Product Management, our go-to guy for all things product related and our certified Microsoft expert!

Have you ever had one of those heart-stopping moments where you realize your account is being used by someone else? This kind of cybersecurity breach can cause BIG problems. How will you know if your data was compromised? What about your colleagues' passwords and client info?

Software as a Service (SaaS) Alerts can help stop these breaches by informing you immediately of any potential unwanted account access anywhere in the world. Let's take a look at the details!


What Are SaaS Alerts?

SaaS Alerts are automated threat detection and response tools for your cloud services. When your account is accessed, a notification is sent out. Was it you logging in from another device? No problem, ignore the alert. Not you? One button will terminate the login and block future access from that device and/or location.

There are four "pillars" to the SaaS Alerts solution, helping protect against data theft.

Logging - The capability to log over 200 different types of events.

Alerting - 24x7 real-time monitoring of the SaaS products.

Responding - Review and react immediately to any potential threats.

Reporting - Comprehensive report on user behavior and application events for review.

These four pillars ensure that even if your accounts are accessed maliciously, threats can be stopped before any serious damage is done.


Why Do I Need SaaS Alerts?

While I am not a fan of playing up people's fears, uncertainties, or doubts, the reality is, cybersecurity breaches keep increasing year after year.



On top of that, 61% of all breaches are completed through identity theft, either through leaked or outright stolen passwords. In 2021 alone, there were nearly 20,000 cases of reported business email compromises, resulting in over $2.4 billion lost.

We always hear about ransomware attacks, but you never hear about business email compromise attacks because they go unnoticed for so long! Without a product like SaaS Alerts, someone on the other side of the world could have access to your account for days, weeks, or months without you ever knowing. That is plenty of time to steal important data without ever tripping a single alarm.

Simply put, it's only a matter of time until this happens to your business.


How SaaS Alerts Protect Your Data - Real World Examples

I use SaaS Alerts every day of my life, even with my personal accounts. Here is my real bank account.


I don't go through my statement every month line by line, but I do have SaaS Alerts set up so that any time a transaction completes for more than $50, I receive a text message so I can confirm its validity.

Even if all of the transactions are legitimate, this is an easy way to keep an eye on things and keep my account data security at the front of my mind.

Another, more business-focused example might be administrative permission alerts. Say you've set up SaaS Alerts to tell you when a user has been elevated to administrator. This act in itself happens all the time, and might not be indicative of an attack, but it's worth following up on. Let's make sure John Smith really was supposed to be elevated to administrative level, and if not, let's resolve the issue as quickly as possible.

We've seen accounts be accessed secretly and forwarding rules created so that valuable account information is forwarded to someone else overseas. With SaaS Alerts, you are notified of this action immediately. Are you really traveling overseas and need your emails forwarded? Ignore the notification. But most likely, this was not a legitimate forward, and the breach can be fixed immediately.


The Pillars of a SaaS Alert Program

Logging

SaaS Alerts collects over 200 different types of events that occur within the applications it's monitoring. These logs are saved for 365 days, which is incredibly important because popular software vendors like Microsoft 365 only retain logs for 30 days. If you need a heuristic view of what's happening with a user or an application, you need a year of logs.


Alerting

Alerts tell you the moment an account is accessed or breached. These timely alerts are crucial to keeping your data safe. We use three different classifications for alerts: low, medium, and high. Low alerts are mostly informational, essentially saying "someone shared a file," "an email rule was deleted," or something along those lines. Medium and high alerts are treated on the same level: they are acted on immediately, and either validated or stopped instantly.


Responding

Say multi-factor authentication (MFA) was disabled on a user's account. This would trigger a high alert, and our team would investigate in seconds. We may find that this was a normal action in a larger troubleshooting process and take no further action. However, if this was done maliciously, we will disable the account, re-enable MFA, and alert the user to update their account information immediately.

SaaS Alerts enables pre-configured responses to common situations, preventing any potential damage to your infrastructure. This means that any time a situation occurs, such as an account breach, the pre-configured response steps will trigger automatically. In these situations, accounts can be locked automatically until our Ntiva team is available to diagnose and take the necessary steps following any potential breach. Talk about peace of mind!


Reporting

I love the reporting side of SaaS Alerts! It comes in particularly handy when you're trying to educate your co-workers as to why you need to enhance your IT security behavior. You can show where mistakes are made or potential doors are left open for attack. This is especially true with things like Office 365, where logins can be saved and stored on public devices, leaving you vulnerable.

With reporting, you can build a picture of what a normal employee's location might be. You can then take that info back to the responding pillar and create rules to prohibit further action if an account is accessed from an odd location. These settings can of course be changed if you know someone is leaving the country or moving to a new city, etc.
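The location rule described above can be sketched as follows. This is an added example, not SaaS Alerts' or Ntiva's own code; the user names, country codes, `min_count` threshold and decision labels are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sign-in history (user, country); not real log data.
HISTORY = [
    ("jsmith", "US"), ("jsmith", "US"), ("jsmith", "US"), ("jsmith", "CA"),
    ("akhan", "GB"), ("akhan", "GB"), ("akhan", "GB"),
]

def build_baseline(history, min_count=2):
    """Reporting step: map each user to the countries seen at least
    min_count times, so one stray (possibly malicious) sign-in does
    not become part of what counts as normal."""
    counts = defaultdict(Counter)
    for user, country in history:
        counts[user][country] += 1
    return {user: {c for c, n in seen.items() if n >= min_count}
            for user, seen in counts.items()}

def evaluate_login(baseline, travel_exceptions, user, country):
    """Responding step: decide what to do with a new sign-in.
    travel_exceptions holds locations an admin approved in advance,
    e.g. for someone known to be leaving the country."""
    if not baseline.get(user):
        return "review"            # no usable history yet: a human decides
    if country in baseline[user]:
        return "allow"
    if country in travel_exceptions.get(user, set()):
        return "allow_exception"   # odd location, but announced travel
    return "block_and_alert"       # odd location with no explanation

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    travel = {"akhan": {"FR"}}     # constructed: akhan announced a trip
    for user, country in [("jsmith", "US"), ("jsmith", "CA"),
                          ("akhan", "FR"), ("newhire", "US")]:
        print(user, country, evaluate_login(baseline, travel, user, country))
```

The single CA sign-in for jsmith stays outside the baseline, so a repeat from that location is still blocked until it has an approved exception.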


SaaS Alerts: Another Tool in Your Organization's Cybersecurity Arsenal

I'm so excited that Ntiva is offering SaaS Alerts. I truly believe it will help secure so many more businesses in the future. Armed with the information SaaS Alerts brings, organizations can be prepared to respond and protect themselves from the potentially devastating effects of cyber threats.

Interested in learning more? Reach out to us and see what SaaS Alerts can do for you!




Tags: Microsoft