Often, security teams have limited visibility into configuration changes across users, integrated applications, and tenants, requiring time-consuming manual investigation efforts to identify and address risks. The Security Posture Management add-on improves the risk posture of cloud email environments by surfacing and centralizing visibility into changes to user privileges, application permissions, and mail tenant conditional access policies.

Security Posture Management uses the behavioral profiles built by three of the Abnormal Knowledge Bases - PeopleBase, AppBase, and TenantBase - to monitor for high-impact configuration changes. Once these changes are identified, teams can drill into contextual insights with a before-and-after view of each change, links to entities involved, relevant documentation, and suggested next steps.

Abnormal users can also schedule email notifications as changes occur, export to the SIEM, and denote when a change is or has been addressed via an acknowledgement workflow.