SecurityRadar: Mailbox Security Made Easy

SecurityRadar was launched in July to enable Microsoft Partners to use data-driven insights to proactively engage with their customers. There are 4 SecurityRadar categories regarding these insights which can transform a customer conversation from theoretical to actionable. This week’s SecurityRadar blog covers the second category, mailbox security.

When customers think about protecting their data, email is often considered one of the most important vulnerabilities to manage. And they would be correct. It is estimated that over 80% of cyberattacks occur within end users’ mailboxes. End user error is the #1 most common entry point for cyberattacks, and email remains extremely vulnerable to malicious behavior due to the very nature of email in the hands of end users.

So how can we continually monitor all end users’ behavior? How can we ensure that each individual’s M365 security settings, device settings, and mailbox settings are optimized for the protection they need? When security is locked down too tight or an external company makes a change which renders their email suspicious, how can we manage erroneously blocked emails? How can we quickly detect and respond to an incident?

And how are any Microsoft Partners running successful cloud security practices managing all these areas, and more, profitably, at scale?

In our previous SecurityRadar blogs, we covered how SecurityRadar provides a much more 360-degree view and tools to gather foundational security insights and manage access & permissions, which themselves are often contributing to mailbox protection. This SecurityRadar blog focuses on managing common day-to-day security settings, as well as cyberattacks such as phishing, and how to do so across your entire customer base using Security Manager.


While M365 inherently contains some controls and defenses against common mailbox attacks such as spam and fishing attacks, SkyKick’s Security Manager at its core allows you to have visibility and powerful controls across your entire customer base. Partners tell us that alone is extremely valuable for multiple reasons.

Phishing attacks are the most common security risk and it is an emergency when they emerge. Prior to Security Manager, partners tell us that those days where there is a widespread cyberattack going around, their teams often undergo multiple costly days preventing, detecting, and remediating incidents across their entire customer base, even those not impacted. With Security Manager, you can execute a number of security measures for all your customers at once. This not only saves you and your team hours or days of work, but more importantly for your customers, enables you to implement the right security measures quickly, for all your customers at once. Now that’s fighting cyberterrorism.

There are over 16,000 commands and workflows at your fingertips with Security Manager to help prevent and react to cloud security incidents such as phishing, and SkyKick continues to add to this vast collection to keep up with emergent threats, Microsoft updates, and industry best practices.

But the power of SecurityRadar does not end there.

Each command and workflow SkyKick provides contains detailed explanations within them regarding not just what the workflow does, but also the reason why you would want to run it. Additionally, Security Manager allows you to store and run your own Powershell-based commands alongside our out-of-the-box arsenal of security tools via the Workbench. This gives your power users the ability to create, save, and run custom PowerShell scripts across customers, and to publish commands to share with your team. And using our drag-and-drop interface, you can combine commands to execute even more powerful command sequences, or Workflows, against one or all of your customers. Additionally, these commands and workflows can all be scheduled to run at a later date, or even on a repeating schedule.

One example of a custom SecurityRadar workflow that partners are frequently using is with email messages quarantined by Exchange erroneously. Sometimes, an external contact such as an approved vendor will make changes to the way they send email which gets flagged by M365 security as potentially malicious, but that email is actually a mission-critical email for an end user to receive. Security Manager already contains useful commands and workflows regarding managing the Exchange quarantine, which you can customize to target a specific sender. And while this functionality is technically available within the M365 Admin Console, there may have been only one customer who opened a ticket with you regarding this ‘missing’ email.

Imagine the surprise of the other customers you proactively contact to inform that you were able to detect they are not receiving emails from this vendor, and that you’ve already rectified the situation. This is just one scenario of how SecurityRadar give you amazing visibility and powerful tools to deliver excellence to your customers not just when there is a cyberattack, but also when there are unintended behaviors due to certain security settings and unanticipated technical turbulence caused by a friendly 3rd party.

Showing your work can be challenging. Success in security is silence, and in calm waters, it can be difficult to demonstrate to customers the heroic efforts you are performing to keep their mailbox secure. So SkyKick built our Activities dashboard, to not allow you to audit any commands or workflows which have been run against your customers, but to potentially show to your customers. Partners tell us this feature allows them to demonstrate to their customers the value of their security services. (And yes, the automated scheduled solutions appear in activities as well.)

So whether you’re using Security Manager to work on Safe Links, Transport Rules & Connectors, connection filtering policies, anti-malware policies, or any number of valuable security-related measures, SecurityRadar means being able to first generate a report to your customer to show the reason for the project, to execute the solution, and to continually monitor and report.

Managing mailboxes can be a challenging, costly, and arduous process for a single end user. Having SecurityRadar means being able to not just prevent & remediate against malicious attacks, but also manage a lot of more common required scenarios for end user mailboxes and the M365 Admin Settings across all of your customers’ tenants.

With over 16,000 commands and workflows, and the ability to customize your own, you’ve got SecurityRadar over all your customers’ mailboxes, all in one place.


SkyKick has attained global ISO 27001 certification and is trusted by thousands of Microsoft Partners use SecurityRadar to manage over 3.6 million users…and growing.

SkyKick continues to add features to their Security Manager platform to keep up with evolving threats and best practices. As of July 2023, Security Manager now has over 45 workflows regarding Foundational Security Insights, twice the security-related workflows out of the box compared to the beginning of 2023.

SkyKick takes the security of our partners’ and their customers’ data seriously. This growth demonstrates SkyKick’s ongoing commitment to be at the forefront of global security for our Partners and their customers.