Onsite
Remote
Edit Ticket
Ticket #
Ticket Date
Created Time
Remaining Time
Client Organisation
Please Select
Access Hotel Management LLC,Mark Lahood
Aero Metals
Angelos and Rardin
Anzy Supply
Applegate CPA
Asher GD Law
ATU Local 241
Automechanics 701 Union
Automobile Mechanics Local 701- Welfare & Pension Funds
Barber Packging Company
Bear Peak
Builders Paving
Catholic Charities Diocese of Gary
Cedar Valley Container Corporation
Cedar Way Vet
Children First Fund
Clover Architectural Products
CoSourcing Partners
Darling
Durand CUSD 322
Emergere Technologies
Engineer on call
F&G Roofing
Friends of the Parks
Gateway Construction
Glycerin Traders
Hale & Monico
Harbor - Marina Grand
HC and BEN FUNDS
Heartland Footwear
Heat and Frost Local 17(WELFARE)
Hobart Chamber of Commerce
Holleb Consulting
Holleb Consulting - Lincoln
Howard Orloff Volvo
Innovative
Iron Workers Local 1 Pension Fund
Iron Workers Union Local 1
J Shoffner General Contractors
Jacobs,Burns,Orlove,Stanton&Hernandez
Johnson Transition
Konrady Plastics
KPlus Engineering
KPlus Field Visits
KPlus HD Phone
Kplus Heldpesk
K-Plus Industrial Services
K-Plus Mechanical
KPlus Off Hours Engineer
KPlus Technology Solutions
KTR Corporation
Lakeshore Foods
Lalumiere School
Land O Frost
Law Offices of Stanley E. Niew, P.C.
Lever Interactive
Local 1 SEIU
Local 1 SEIU Training Fund
Local 25 SEIU Welfare Fund
Local 73 SEIU
Long Beach (town)
MacNell Accounting & Consulting, LLP
MC Chamber of Commerce
McNabola and Associates
Meade
Mechanics 701 Training
Monitoring Team
National Assc Broadcast Techs Union
New Mark Building Management
NIEF
North Ave Animal Hospital
North Central Community Action Agencies
North Central Illinois Finishing Trades Institute
Oceana
One Million Degrees
OPEN field visits
Packaging Logic
Painters DC #30 Realty, LLC
Painters DC 30 Benefit Funds
Painters District Council No.30 (Union)
Pavich Law Group (Fogel)
Peepers
Projects & Docs
Safe Harbor Realty
Sales & Marketing
SAP-Image
SB Group
SEIU Healthcare
SEIU Healthcare IL Benefit Funds
Showmen Supplies
Spectrios
St. Andrews
Stranco
Teamsters 710 Health Welfare & Pension Fund
Teamsters 727 Union
Teamsters Local 727 Benefit Funds
The Lodge at Rush Lakes
Theatrical Stagehands Union Local Two
Thomas Engineering Group
Trumbull and Porter
z SEIUHC - SP project
zHolleb
Technician
Client Name
Select
Abi
Andrew
Apps
Ash
Balaji
Brian
Christin
Eric
Ian
Jack
Jackie
JackWC
Jay
Jim
Mac
McLean
Nate
Pete
Schedule
Sunny
UnAssigned
zWaiting
Description
IsSpecial
Is Urgent?
Lower Priority?
Union Open Item?
IsProject
Project Date
Is OnSite?
OnSite Date
Start Time
End Time
IsClosed
Closed Date
Start Time
End Time
Hours Worked In Hours
Remaining Time
Resolution
Notes
<div>7/3 - Brian's findings:</div><div><ol style="margin-top:0in" start="1" type="1"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo2"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">If user accidently sends spam email by getting hacked, an email should send notification to helpdesk.</span></li> </ol> <ol style="margin-top:0in" start="1" type="1"> <ol style="margin-top:0in" start="1" type="a"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level2 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">Microsoft Defender - Email & collaboration - Policies & rules - Alert Policies - Enable and edit recipient to <a href="mailto:monitoring+alert@kplusts.com">monitoring+alert@kplusts.com</a> (hit tab after pasting in the email):</span></li> </ol> </ol> <p class="MsoListParagraph" style="margin-left:1.5in;text-indent:-1.5in; mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo1"><!--[if !supportLists]--><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin;mso-bidi-font-family: Aptos;mso-bidi-theme-font:minor-latin"><span> </span>i.<span> </span></span><!--[endif]--><span style="font-size:11.0pt;mso-ascii-font-family: Aptos;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font: minor-latin;mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">Suspicious email sending patterns detected</span></p> <p class="MsoListParagraph" style="margin-left:1.5in;text-indent:-1.5in; mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo1"><!--[if !supportLists]--><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin;mso-bidi-font-family: Aptos;mso-bidi-theme-font:minor-latin"><span> </span>ii.<span> </span></span><!--[endif]--><span style="font-size:11.0pt;mso-ascii-font-family: Aptos;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font: minor-latin;mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">Suspicious tenant sending patterns observed</span></p> <p class="MsoListParagraph" style="margin-left:1.5in;text-indent:-1.5in; mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo1"><!--[if !supportLists]--><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin;mso-bidi-font-family: Aptos;mso-bidi-theme-font:minor-latin"><span> </span>iii.<span> </span></span><!--[endif]--><span style="font-size:11.0pt;mso-ascii-font-family: Aptos;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font: minor-latin;mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">Tenant restricted from sending email</span></p> <p class="MsoListParagraph" style="margin-left:1.5in;text-indent:-1.5in; mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo1"><!--[if !supportLists]--><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin;mso-bidi-font-family: Aptos;mso-bidi-theme-font:minor-latin"><span> </span>iv.<span> </span></span><!--[endif]--><span style="font-size:11.0pt;mso-ascii-font-family: Aptos;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font: minor-latin;mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">Suspicious Email Forwarding Activity</span></p> <p class="MsoListParagraph" style="margin-left:1.5in;text-indent:-1.5in; mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo1"><!--[if !supportLists]--><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin;mso-bidi-font-family: Aptos;mso-bidi-theme-font:minor-latin"><span> </span>v.<span> </span></span><!--[endif]--><span style="font-size:11.0pt;mso-ascii-font-family: Aptos;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font: minor-latin;mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">User restricted from sending email</span></p> <p class="MsoListParagraph" style="margin-left:1.5in;text-indent:-1.5in; mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo1"><!--[if !supportLists]--><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin;mso-bidi-font-family: Aptos;mso-bidi-theme-font:minor-latin"><span> </span>vi.<span> </span></span><!--[endif]--><span style="font-size:11.0pt;mso-ascii-font-family: Aptos;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font: minor-latin;mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">Suspicious connector activity</span></p> <p class="MsoListParagraph" style="margin-left:1.5in;text-indent:-1.5in; mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo1"><!--[if !supportLists]--><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin;mso-bidi-font-family: Aptos;mso-bidi-theme-font:minor-latin"><span> </span>vii.<span> </span></span><!--[endif]--><span style="font-size:11.0pt;mso-ascii-font-family: Aptos;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font: minor-latin;mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">Email reported by user as malware of phish</span></p> <p class="MsoListParagraph" style="margin-left:1.5in;text-indent:-1.5in; mso-text-indent-alt:-9.0pt;mso-list:l1 level3 lfo1"><!--[if !supportLists]--><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin;mso-bidi-font-family: Aptos;mso-bidi-theme-font:minor-latin"><span> </span>viii.<span> </span></span><!--[endif]--><span style="font-size:11.0pt;mso-ascii-font-family: Aptos;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font: minor-latin;mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">Creation of forwarding/redirect rule</span></p> <ol style="margin-top:0in" start="2" type="1"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">If user signs in from different Geo location - then an alert email should be sent to helpdesk</span></li> <ol style="margin-top:0in" start="1" type="a"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level2 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">May require AD P2</span></li> </ol> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><ol style="margin-top:0in" start="1" type="1"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1"><span style="font-size:11.0pt;mso-fareast-font-family:" times="" new="" roman""="">Enforce MFA for all users</span></li> <ol style="margin-top:0in" start="1" type="a"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level2 lfo1"><span style="font-size:11.0pt;mso-fareast-font-family:" times="" new="" roman""="">Conditional access</span></li> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level2 lfo1"><span style="font-size:11.0pt;mso-fareast-font-family:" times="" new="" roman""="">Create from template</span></li> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level2 lfo1"><span style="font-size:11.0pt;mso-fareast-font-family:" times="" new="" roman""="">“Require multifactor authentication for all users”</span></li> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level2 lfo1"><span style="font-size:11.0pt;mso-fareast-font-family:" times="" new="" roman""="">Review + create</span></li> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level2 lfo1"><span style="font-size:11.0pt;mso-fareast-font-family:" times="" new="" roman""="">Policy state - On</span></li> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level2 lfo1"><span style="font-size:11.0pt;mso-fareast-font-family:" times="" new="" roman""="">Create</span></li> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level2 lfo1"><span style="font-size:11.0pt;mso-fareast-font-family:" times="" new="" roman""="">Setup second one for "Require multifactor authentication for admins" the same way</span></li> </ol> </ol></li><ol style="margin-top:0in" start="1" type="a"> </ol> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">If users are downloading large amount of OneDrive/SharePoint files to any external sources, then we need to get an alert to monitoring</span></li> <ol style="margin-top:0in" start="1" type="a"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level2 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">May require E5 compliance license</span></li> </ol> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">If users run out of license due to the number of devices they signed in, we should get an alert to monitoring</span></li> <ol style="margin-top:0in" start="1" type="a"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level2 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">May require Azure subscription to automate PowerShell scripting and reporting</span></li> </ol> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">If users sign in to new device, an alert should be sent to the user.</span></li> <ol style="margin-top:0in" start="1" type="a"> <li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level2 lfo1"><span style="font-size:11.0pt;mso-ascii-font-family:Aptos;mso-ascii-theme-font: minor-latin;mso-hansi-font-family:Aptos;mso-hansi-theme-font:minor-latin; mso-bidi-font-family:" times="" new="" roman";mso-bidi-theme-font:minor-bidi"="">May require AD P2</span></li> </ol> </ol></div><div>=================</div><div>7/2 - Brian attached example app registration email instructions</div><div>Created app and saved all info in Keeper</div><div><span style="font-size: 10.6667px;">https://keepersecurity.com/vault/#detail/SU2O9Z6qHCGufTNqhFGsQg</span></div><div>=================</div><div>Balaji's Notes: these are the major security report we need from the office 365 portal. Most likely we might need to get different entra P2 licenses to get these reports as microsoft changed the lic features.</div><div><br></div><div>1. If user accidently sends spam email by getting hacked, an email should send notification to helpdesk.</div><div>2. If user signs in from different Geo location - then an alert email should be sent to helpdesk</div><div>3. if users MFA gets disabled, we need an alert to monitoring</div><div>4. If users are downloading large amount of One drives files to any external sources, then we need to get an alert to monitoring</div><div>5. If users run out of lic due to the number of devices they signed in, we should get an alert to monitoring</div><div>6. if users sign in to new device, an alert should be sent to the user.</div><div><br></div><div><br></div><div>==================</div><div><br></div>This project will give more reporting and information to monitor the activity and increase the security around the client use of O365<div bis_skin_checked="1"><br></div><div bis_skin_checked="1">Balaji will need Eric time to do this on Eric client. Jack wants to be kept in the loop. If it does what we want then we will expand this to other Eric union clients next</div><div bis_skin_checked="1"><br></div><div bis_skin_checked="1">Nate notes:</div><div bis_skin_checked="1">================</div><div bis_skin_checked="1">-> created EntraApp "O365MonitoringApp" client secret is valid for 24 months</div><div bis_skin_checked="1">-> API permissions assigned for the app and admin consent is granted for K-plus</div><div bis_skin_checked="1"><br></div><div bis_skin_checked="1"><div bis_skin_checked="1"><i>Permissions: User.Read.All, <span style="font-size: 8pt;">Directory.Read.All, </span><span style="font-size: 8pt;">Reports.Read.All, </span><span style="font-size: 8pt;">AuditLog.Read.All , </span><span style="font-size: 8pt;">Organization.Read.All</span></i></div><div bis_skin_checked="1"><span style="font-size: 8pt;"><br></span></div><div bis_skin_checked="1"><b><u style="color: #9966cc;">Testing OneDrive report from O365 (example format)</u></b></div><div bis_skin_checked="1"><div bis_skin_checked="1"><br></div><div bis_skin_checked="1">=== Tenant OneDrive Storage Report ===</div><div bis_skin_checked="1">Total storage used:</div><div bis_skin_checked="1">- Bytes: 598153781105</div><div bis_skin_checked="1">- GB: 557.07</div><div bis_skin_checked="1">- TB: 0.54</div><div bis_skin_checked="1"><br></div><div bis_skin_checked="1">Report saved to: OneDriveStorageReport_20250502-173332.csv</div><div bis_skin_checked="1"><br></div><div bis_skin_checked="1">Top 10 Users by Storage Usage:</div><div bis_skin_checked="1">- helpdesk@kplustech.onmicrosoft.com: 313.77 GB</div><div bis_skin_checked="1">- danc@kplus.com: 133.57 GB</div><div bis_skin_checked="1">- linda@kplus.com: 57.28 GB</div><div bis_skin_checked="1">- Jack@kplus.com: 12.61 GB</div><div bis_skin_checked="1">- Suneel@kplus.com: 8.67 GB</div><div bis_skin_checked="1">- bryon@kplus.com: 7.97 GB</div><div bis_skin_checked="1">- TSmith@kplus.com: 5.44 GB</div><div bis_skin_checked="1">- Jessicam@kplus.com: 3.88 GB</div><div bis_skin_checked="1">- JWCaplice@kplus.com: 1.91 GB</div><div bis_skin_checked="1">- Ashok@kplus.com: 1.9 GB</div></div></div><div bis_skin_checked="1"><br></div>
Back to List