Managed Security Platform by SOCturnal

Microsoft 365 Security
Made Simple

SOCturnal gives MSPs and their customers a single place to monitor sign-ins, manage devices, track licences, and get alerted to threats — all from Microsoft 365. No servers to set up. No software to install. Just log in and go.

See What's Included How We Keep It Safe
0% Managed by Us
0 setup Infrastructure Overhead
0/7 Always Available
portal.socturnal.co.za
Dashboard
🔑 Credentials
📋 Sign-in Logs
💻 Devices
🔔 Notifications
Admin
Sign-in Logs 3 Failures
UserStatusLocationTime
alice@contoso.com Success Sydney, AU 09:14
bob@contoso.com Failure Minsk, BY 09:11
carol@contoso.com Success Auckland, NZ 09:09
dave@contoso.com Failure Lagos, NG 09:07
emma@fabrikam.com Success Melbourne, AU 09:03
Scroll to explore

Built on

Microsoft 365
🏢 Partner Center
🔐 End-to-End Encryption
🔑 Multi-Factor Auth
📊 One-Click Reporting
🔔 Real-Time Alerts
Platform Features

Everything an MSP needs.
Nothing it doesn't.

A complete operations hub for managing Microsoft 365 security across your entire customer base.

Sign-in Monitoring

See who's signing into your Microsoft 365 environment in near real-time. Filter by user, location, risk level, or outcome. Spot failed logins, unusual locations, and suspicious patterns before they become incidents.

Mon
Tue
Wed
Thu
Fri
Sat
Sun
Weekly sign-in events · 3 anomalies flagged

Device Compliance

Track every managed device across all customers. See which endpoints are compliant, which have fallen out of policy, and which haven't checked in recently — all in one view.

Automatic Data Sync

Sign-in logs, devices, licence assignments, and subscriptions sync on a schedule you control. Your data is always fresh — no manual imports, no spreadsheets, no chasing.

Licence Management

See every Microsoft 365 licence across your customer base with friendly product names, seat counts, utilisation rates, and renewal dates — so you never miss an expiry or over-provisioned subscription.

Smart Alerts

Set up rules that trigger when something needs attention — a failed login from an unusual country, a device falling out of compliance, or a licence nearing expiry. Alerts go straight to Slack, Telegram, or email.

Reporting & Export

Download any data view to CSV, Excel, or PDF with one click. Generate an Executive Summary per customer — a professional, print-ready report with a cover page, table of contents, and sections for users, devices, and licences. Perfect for quarterly business reviews and customer-facing documentation.

PDFExecutive Summary — Contoso LtdCover + TOC + 3 sections
XLSXUsers export — 142 recordsAll fields
CSVDevices export — 87 recordsAll fields
PDFSign-in Logs — landscape A4Print-ready

Role-Based Access

Control exactly who can see and do what. Create custom roles with fine-grained permissions so every team member gets access to what they need — and nothing they don't.

Service Health

Check the live status of Microsoft 365 services for each customer directly from their profile. See which services are running normally and get details on any active incidents or advisories.

Credential Vault

Store your Microsoft 365 app registrations and API credentials securely. All secrets are encrypted before storage and never exposed in plain text — even to administrators.

Full Audit Trail

Every action in the platform is logged — who did it, when, and what changed. Search and filter the complete history for compliance reviews, troubleshooting, or incident investigations.

Security

Your data is protected
at every layer

SOCturnal is a security platform — so we hold ourselves to the same standard we help you apply to your customers.

In Transit
Encrypted connections (HTTPS) Strict transport security Clickjacking protection Content-type enforcement
Application
Anti-forgery tokens on all forms Injection-proof database queries Safe output rendering Automatic brute-force lockout
Login
Two-factor authentication (TOTP) Strong password hashing Secure session handling Account lockout after failed attempts
At Rest
All secrets encrypted before storage API credentials protected Encryption keys stored separately Configuration files access-controlled
🔒

Strong Password Protection

Passwords are protected using Argon2id, one of the most secure hashing methods available today. Even if the database were ever compromised, passwords remain effectively uncrackable.

🔐

Encrypted Secrets

All sensitive data — API keys, MFA codes, and client credentials — is encrypted before it's stored. Encryption keys are kept separate from the data, so even direct database access reveals nothing useful.

📱

Two-Factor Authentication

Every login requires a password plus a one-time code from an authenticator app (Google Authenticator, Microsoft Authenticator, Authy, etc.). Stolen passwords alone aren't enough to get in.

🛡

Request Verification

Every action in the portal is verified to make sure it came from a legitimate session. This prevents attackers from tricking users into performing unintended actions through malicious links or websites.

Brute-Force Protection

After 5 failed login attempts, the account is temporarily locked for 15 minutes. This stops automated password-guessing attacks dead in their tracks — without adding CAPTCHA friction for legitimate users.

📋

Complete Audit Logging

Every action — every login, every settings change, every data export — is recorded with a timestamp and user identity. The audit trail is immutable and searchable, giving you a complete picture for compliance and incident response.

Integrations

Connected to your ecosystem

SOCturnal plugs into the platforms your team already uses — from Microsoft's cloud to your preferred notification channels.

Microsoft 365

Connects to your tenants to pull sign-in logs, device compliance, user data, licence assignments, and service health status.

  • Sign-in log monitoring
  • Device compliance tracking
  • Service health status

Partner Center

Pulls your CSP subscription data so you can see every customer's licences, seat counts, and renewal dates in one place.

  • Subscription inventory
  • Per-MSP credentials
  • Renewal tracking

Slack

Get security alerts delivered straight to your Slack channels. Customise which events trigger notifications and how they're formatted.

  • Channel-based alerts
  • Customisable templates
  • Event-based triggers

Telegram

Route alerts to a Telegram bot for instant notifications on your phone or desktop — even when you're away from the office.

  • Bot-based delivery
  • Mobile notifications
  • Instant delivery

Email

Send reports and alerts via email using traditional SMTP or modern Microsoft 365 OAuth — no legacy passwords required.

  • SMTP and M365 OAuth support
  • Per-customer routing
  • Report delivery

Entra ID

Register separate app credentials per tenant for full isolation. Each customer's data is accessed through its own secure connection.

  • Per-tenant isolation
  • Encrypted credential storage
  • Connection testing
Microsoft 365

What you can see
from each M365 product

SOCturnal surfaces actionable data from the Microsoft 365 products your customers already pay for — no additional licences or tools required.

Entra ID

Microsoft Entra ID

See who's signing in across every connected tenant and spot threats early.

  • Full sign-in history with location, device, and risk level
  • Detect failed logins, impossible travel, and unfamiliar locations
  • User accounts with licence assignments and MFA status
  • Identify accounts without MFA enabled
  • Alerts on risky or suspicious sign-in events
Works with Azure AD Premium P1 or higher — included in M365 Business Premium, E3, and E5.
Intune

Microsoft Intune

Keep track of every managed device and know instantly when something falls out of compliance.

  • Complete device inventory with OS, model, and encryption status
  • Compliance status: compliant, non-compliant, or unknown
  • Last check-in time to spot stale or disconnected devices
  • Primary user association for each device
  • Alerts when devices lose compliance
Works with Microsoft Intune — included in M365 Business Premium, E3, and E5.
Partner Center

Microsoft Partner Center

See all your CSP customer subscriptions, seat counts, and renewal dates in one place.

  • Automatic discovery of all CSP customer tenants
  • Every subscription with product name and seat count
  • Subscription status: active, suspended, or cancelled
  • Renewal dates so you can plan ahead of your customers
  • Separate credentials per MSP for full isolation
Works with a CSP partner relationship and a Partner Center app registration.
Exchange Online

Exchange Online

Send alert emails from your own Microsoft 365 mailbox using modern authentication.

  • Send security alerts from your own M365 mailbox
  • Modern authentication — no legacy passwords needed
  • Works alongside Slack and Telegram channels
  • Per-customer email routing for MSP workflows
Works with any Exchange Online plan — included in every Microsoft 365 subscription.
Full Microsoft 365 integration details →
Access Model

We run it.
You use it.

SOCturnal is operated and maintained by SOCturnal (Pty) Ltd. MSPs and their customers get their own scoped access — each seeing only their own data, with nothing to install or manage.

  • We manage the platform — zero overhead for you
  • MSPs get a complete view across all their customers
  • Customers see only their own data and alerts
  • Custom roles and permissions for every team member
  • Full audit trail and customer isolation built in
  • Executive Summary reports for customer reviews
Request Access
SOCturnal
🏢 MSP A
🏢 MSP B
🏢 MSP C
👤 Contoso
👤 Fabrikam
Get Started

Up and running
in minutes.

There's nothing to install or maintain. Contact us, and we'll set up your access — most MSPs are up and running within the day.

1 Contact SOCturnal
2 We set up your access
3 Connect your M365 tenants
4 Start monitoring
Contact SOCturnal Explore Features