Overe FAQs 

How to assign the required roles to Overe's App The Overe Premium app requires a specific role assigned to be able to manage security policies in your tenant. Please follow the steps below and described in this video Open Entra App Role administration: here Select Role: Exchange Administrator Select App: Overe Premium Microsoft documentation relating to App Roles and best practices available here.

Elevating Your Cybersecurity Beyond Antivirus and Web Filtering In the digital era, where business operations are increasingly cloud-based, traditional security measures like antivirus and web filtering are no longer sufficient to fully protect your business. While these are essential layers of your cybersecurity defense, they don't cover the complexities and vulnerabilities associated with SaaS applications, such as Microsoft 365, which are crucial to your day-to-day operations. The Gap in Traditional Security Measures Antivirus software and web filtering play critical roles in safeguarding against malware and restricting access to malicious sites. However, they operate primarily at the perimeter level and are not designed to monitor or protect the nuanced, application-level operations within cloud-based platforms like Microsoft 365. As your business leverages these SaaS applications for communication, collaboration, and data storage, it becomes imperative to address security within these environments directly. Why SaaS Application Security Matters SaaS applications, by their nature, are accessible from anywhere, which is great for productivity but also opens up new avenues for potential cyber threats. Misconfigurations, unauthorised access, and insider threats can all go undetected by traditional security measures. Moreover, the shared responsibility model of cloud services means that while the service provider secures the infrastructure, your business is responsible for protecting the data within it. Overe Premium is specifically designed to fill this security gap by offering a comprehensive solution focused on SaaS applications like Microsoft 365. Here's how Overe Premium enhances your cybersecurity posture: In-depth Assessments Overe Premium conducts thorough evaluations of your Microsoft 365 settings and usage to identify potential vulnerabilities, going beyond what antivirus and web filters can see. Proactive Threat Detection Leveraging AI and machine learning, Overe Premium monitors for unusual activities within your SaaS applications that could indicate a breach or an insider threat, providing an additional layer of security. Automated Policy Enforcement To ensure your Microsoft 365 environment remains secure, Overe Premium automates the application of security policies, correcting misconfigurations and enforcing best practices without manual intervention. Seamless Integration Overe Premium works alongside your existing antivirus and web filtering solutions, offering a holistic approach to cybersecurity that addresses both the perimeter and the heart of your cloud-based operations. Find out more on our Product page on our website

Below are our current list of best practice controls:

Many of the error codes revolve around enabling auditing so Overe can monitor your events, Audit logging is meant to be turned on by default for all new Microsoft 365 organizations. However, if you are managing a client with a Microsoft tenant before 2023, there is a strong likelihood that Auditing is turned off. Overe will check the status and provide guidance if there is an issue. Here are a list of common error codes and how to resolve them:

Our subscription agreement can be found here: Privacy policy can be found here: https://www.overe.io/privacy-policy

Contact us to gain access to Overe Premium. If you are either trialling or have paid for Overe Premium, follow the steps in this video to remove your existing Overe Free integration and enable Overe Premium.

Role of Owner- Can do everything on Organization, Site and Integration level Role of Admin - Can do everything on Organization, Site and Integration level, except: Offboarding an organization Making another collaborator a Owner Making a Owner not a Owner Role of Viewer - Can do all “read-only” tasks but cannot perform any changes. Need more granularity? Contact us to give feedback.

Overe has detected a change from the recommended setting for one or more of the Overe best practice controls in your within your Microsoft 365 integration. This drift occurs when there is a mismatch between the policy values that are monitored in Overe and those currently set in your Microsoft Tenant. You will receive these alerts daily until the policy values are aligned or the affected policy control is disabled in Overe via the Policies section of the site noted below, see how to do this here:

If you are using either Overe Free Premium, follow the steps in this video to fix any integration issues with your Microsoft tenant.

Follow these steps... Coming soon

If you get the following message: "Admin and MFA information can't be retrieved with your current Microsoft license. Microsoft Entra ID P1 or P2 license is required to access these fields." Please ensure you have the correct license more details coming

We understand the importance of supporting Managed Service Providers (MSPs) and their need to manage multiple clients and tenants efficiently. We are pleased to inform you that we have functionality specifically designed for MSPs, allowing them to add and manage multiple clients and tenants within the platform. This can be achieved via the "Manage Sites" section where you can add an unlimited number of clients to your account.

We have implemented robust security measures to safeguard your data. These measures include encryption, access controls, and regular security audits. Your data is encrypted both in transit and at rest, ensuring that it remains protected against unauthorized access. We strictly adhere to industry best practices and comply with relevant data protection regulations to maintain the confidentiality and integrity of your data. Overe is Cyber Essentials certified and our team is trained on data privacy and security protocols to ensure the highest level of protection for your data. We take data security seriously and continuously invest in maintaining a secure infrastructure to safeguard your information.

Overe is currently provided as a free security tool to benefit MSP's and other companies enhance their security posture. We believe in the value of providing a more comprehensive and easier to digest view of security compared to what Microsoft offers. As a vendor, we are committed to delivering premium services in the future that will further support companies in their security efforts. Offering Overe for free allows us to build trust and establish a strong user base. Additionally, we can gather valuable feedback and insights from users, which helps us improve the platform. It's a win-win situation where users can benefit from enhanced security, and we can refine our services based on user experiences.

In the Users section of our service, we have a feature that actively monitors and scans the hidden corners of the web. Its primary purpose is to identify any compromised data linked to email addresses registered in your Active Directory. This takes a proactive approach by flagging potential vulnerabilities within your own user base. It's crucial to understand that if one of your users gets flagged as compromised, it doesn't necessarily mean that their Microsoft account has been breached. Instead, it indicates that credentials associated with their email address have been detected on the Dark Web. With this valuable information in hand, it's advisable to review the affected user accounts for any unusual or suspicious activities. In some cases, a credential reset may be necessary as a precautionary measure. This will be automatically enabled for all customers at no charge up to 100 email addresses per tenant

To comply with GDPR requirements and ensure data sovereignty, Overe maintains servers in both the United States and Europe. This allows us to store and process data in regions that align with the specific needs and regulatory requirements of our users. We understand the importance of data protection and strive to ensure that your data remains within the designated region in accordance with applicable data privacy laws. As a customer, you will have a the choice of where your data is stored (EU vs US)

Overe offers several key selling points that make it an advantageous choice for MSPs when dealing with clients: Enhanced Security: Overe provides a more comprehensive view of security compared to what Microsoft offers through their suite of products and portals. With Overe, you can identify and prioritize security controls based on your clients' specific needs, ensuring a higher level of protection for their Microsoft setups. Personalized Assessments: Overe takes into account your clients' business specifics by considering factors such as company size, industry, and region of operation. This allows for a personalized security assessment that aligns with their unique requirements and compliance considerations. Actionable Recommendations: Overe not only identifies security gaps but also provides actionable recommendations to improve your clients' security posture. These recommendations are tailored to their specific business profile and license suitability, enabling you to guide them towards the most effective security measures. Cost-Benefit Analysis: Overe helps you assess the suitability of your clients' current Microsoft licenses in relation to their security posture. It recommends whether upgrading to higher plans or considering additional licenses would be beneficial. Moreover, Overe provides insights into the associated costs and the benefits your clients can gain from such upgrades, enabling informed decision-making.

Overe is committed to maintaining high standards of security and compliance. Overe is Cyber Essentials certified and our team is trained on data privacy and security protocols to ensure the highest level of protection for your data. we adhere to industry best practices and implement robust security measures to protect your data. We continuously assess and improve our security practices to ensure compliance with relevant regulations and standards. We understand the importance of certifications, and obtaining them is an ongoing priority for us. Rest assured that we are dedicated to providing a secure and compliant platform for our users.

Overe assesses the suitability of the current Microsoft license by evaluating the company's security posture and comparing it with the features and capabilities offered by the license. If the company's security needs cannot be adequately met with the current license, Overe will indicate whether an upgrade or additional plans should be considered to address the identified security gaps.

We prioritize the security and privacy of your data. If you choose to stop using the free tool, we will remove any data that has been collected from your account or tenant in the portal. Your data will be securely deleted from our systems. We understand the importance of data protection and take great care in handling and managing your data in accordance with industry best practices and applicable privacy regulations. Your privacy is our utmost concern, and we are committed to ensuring that your data remains safe and confidential. Do delete your account and data, please navigate to the portal and follow the on screen instructions under "Account Settings" > "Delete Account" Note that we do keep a record of your email in our Customer Relations tool to aid support reasons, however, should you wish this to be removed, please email us at hello@overe.io

Overe's M365 Assessment tool is currently a free security tool that aims to provide a more comprehensive view on security compared to what Microsoft currently offers. The Microsoft Security Score is a % value based on a set of controls that are evaluated against the current configuration of a Microsoft tenant. A score per se might not mean anything to a user, that’s why want to introduce some guidance around it, explain what is relevant, and what should they do to mitigate the risks they are exposed to based on those scores. Microsoft achieves this by ranking those controls to give a sense of priority. Each control has a maximum score points that can be achieved (for instance, MFA for admins is 10 points), and those points are assigned based on how much of the control is implemented (in admins MFA, if 50% of admins have it enabled, would reach a 5 / 10 score). Then, controls are sorted based on the points left to achieve for each one. This is a good start, but it’s lacking in some ways: It’s using the same bar to measure all kinds of companies. It’s not taking into account any context about the company being evaluated. It’s taking into account some controls which the company might not be able to implement, based on their current licenses, and most importantly, it’s not clear about it. One can get a really low score, and not be able to figure out that this is because they are lacking some additional product to improve their posture. It does not let you know when important security settings have changed, so you need to constantly manually check for changes. Real world threats that can affect the business are not highlighted and quantified, leaving businesses unsure why they need to make changes to their settings or invest in a higher tier offering

As an IT administrator, we know how hard it is to juggle all the daily tasks and the myriad of products you look after, so we've introduced an email alert service that lets you know if any critical security setting has changed in you Microsoft 365 tenant. We do not disclose any specific information in the email for security reasons, so you will need to log into the service to review details. Also, for our free service, these alerts typically run every 24hrs.

We aim to provide a higher quality assessment than what users can already can find in their Microsoft portals by taking into account their business specifics. Overe personalizes security scores and advice by taking into account the company's specific details and security needs. By using a simple questionnaire to capture company demographics, Overe derives a security profile that considers factors such as data security, compliance requirements, and business continuity. This enables Overe to provide tailored recommendations and prioritize actions based on the company's unique circumstances.

With the Free tool, Overe will check for changes to important security settings on a regular basis to see what has changed. Overe will email a summary to advise you of these changes. At any point in time you may visit the portal to review these changes. It is important to understand that if a setting is turned off and then back on soon after, the report will not contains this information. However, this is will be a feature in the Premium service. (This feature for the Free tool is coming soon)

The threat vector calculation in Overe involves analyzing the security settings within Microsoft 365 and assessing the potential risks posed by misconfigurations or vulnerabilities. We take into account various attack scenarios that could exploit these security gaps. Here are some of the main attacks we consider in the calculation: Phishing: This attack aims to deceive users into disclosing their login credentials or sensitive information through fraudulent emails, social media, or other communication channels. Business Email Compromise (BEC): In a BEC attack, the attacker gains unauthorized access to a company's email system to impersonate employees, conduct fraudulent transactions, or obtain sensitive information. Account Takeover: This attack involves unauthorized access to a user's Microsoft 365 account, allowing the attacker to steal information or carry out malicious activities. Malware: The objective of a malware attack is to trick users into downloading or clicking on malicious payloads, enabling the attacker to gain access to their devices and conduct harmful actions. This is a common vector for Ransomware Spam: Spam emails are often used to distribute malware or deceive users into clicking on malicious links, leading to device infections or unauthorized data access. Data Loss Prevention: This attack focuses on stealing sensitive data from a victim's Microsoft 365 account and transferring it to an external location beyond the organization's control. Attackers may use various techniques, such as copying files to cloud storage or sending data through email or other channels. By evaluating the presence or absence of security settings related to these attack vectors, Overe calculates the potential threat level and provides recommendations to mitigate the risks and enhance security posture. It's important to note that the threat vector calculation is designed to help users understand their exposure to different types of attacks and prioritize actions to protect their Microsoft 365 environment, it does not guarantee protection.

Overe utilizes a combination of data gathering, analysis, and algorithms to provide personalized assessments and advice. It starts by gathering information about the company through a simple questionnaire, capturing details such as company size, region of operation, and industry. This data is then used to derive a security profile for the company. Using this profile, Overe analyzes the company's Microsoft tenant configuration and evaluates it against a set of controls. It then ranks the controls based on their relevance to the company's security needs. If changes to settings are made, Overe will summarise the changes for you in a regular email report. Overe's algorithms take into account the current licenses and limitations, providing actionable recommendations to improve the security posture. The system is designed to be intuitive and user-friendly, ensuring that companies can easily understand and implement the advice provided by Overe.

Please contact Overe directly via hello@overe.io for any commercial or trial enquiries. You will have a separate contract to what you have with Webroot and we will handle all billing for Overe Premium.

The integration we've built is multi-stage, with the first phase concentrating on easy onboarding of Webroot customers into Overe. This ensures that existing Webroot users can quickly and seamlessly take advantage of Overe's advanced SaaS security features. Future phases will include tighter integration of Webroot's threat intelligence to further strengthen the security posture of our combined customer base. This ongoing collaboration will enhance our ability to provide comprehensive, proactive protection against evolving cyber threats. In the first phase, we focus on the easy onboarding of Webroot customers into Overe. This ensures that existing Webroot users can quickly and effortlessly leverage Overe's advanced SaaS security features. Here's how it works: Login Integration: Webroot customers can simply log in to their Webroot account via the Overe platform. Data Import: Once logged in, Overe will automatically pull all relevant site information from Webroot. Seamless Onboarding: This data import allows for a smooth transition, enabling Webroot users to start using Overe's comprehensive security features without any hassle. See video below:

You will need you Webroot Username/password and your "GSM license code" to sync your Webroot sites with Overe.