Managed Security Platform by SOCturnal

Security Operations
Without the Noise

SOCturnal is a managed Microsoft 365 security operations platform. We run the infrastructure — MSPs and their customers simply get access to a powerful, hardened portal that centralises sign-in monitoring, device compliance, Partner Center subscriptions, and real-time threat notifications.

0% Managed by Us
0 setup Infrastructure Overhead
0/7 Always Available
[Portal preview: socturnal / admin / signin_logs.php]
Navigation: Dashboard · 🔑 Credentials · 📋 Sign-in Logs · 💻 Devices · 🔔 Notifications · Admin

Sign-in Logs (3 Failures)

User               Status   Location       Time
alice@contoso.com  Success  Sydney, AU     09:14
bob@contoso.com    Failure  Minsk, BY      09:11
carol@contoso.com  Success  Auckland, NZ   09:09
dave@contoso.com   Failure  Lagos, NG      09:07
emma@fabrikam.com  Success  Melbourne, AU  09:03

Powered by

Microsoft Graph API
🏢 Partner Center REST
🔐 Encryption at Rest
🔑 Multi-Factor Authentication
🛡 Secure Password Hashing
🔔 Slack & Telegram Alerts

Everything an MSP needs.
Nothing it doesn't.

A complete operations hub for managing Microsoft 365 security across your entire customer base.

M365 Sign-in Log Monitoring

Pull and store Microsoft 365 sign-in logs via the Graph API. Filter by risk level, location, failure reason, and user. Set automatic alerts for suspicious activity patterns.

[Chart: weekly sign-in events, Monday to Sunday · 3 anomalies flagged]

Device Compliance

Track Intune-managed device compliance status across all customers. Identify non-compliant, unmanaged, and at-risk endpoints at a glance.

Automated Sync Engine

Sign-in logs, device data, Partner Center subscriptions, and notifications sync automatically on configurable schedules — always up to date, no manual intervention required.

Partner Center Subscriptions

Connect Microsoft Partner Center app registrations to retrieve CSP subscription data per MSP. Full hierarchical credential model supporting system-wide, MSP, and per-customer credentials.

Notification Engine

Create rules and templates that trigger on sign-in anomalies, device compliance changes, and other events. Route alerts to Slack, Telegram, or email.

Full Audit Trail

Every action — credential creation, setting change, permission update, sync run — is stamped with user, timestamp, and detail into an immutable audit log. Search and filter the complete history for compliance and incident response.

CREATE  graph_credentials.create — "Contoso Prod"  09:14
SYNC    graph.signin_logs.sync — 847 events  09:00
UPDATE  settings.save — System settings updated  08:55
AUTH    user.login — admin@contoso.com  08:30

Role-Based Access Control

Define granular roles with per-permission control. Assign super-admin wildcard or fine-grained permissions per module. Changes take effect on next login.

Credential Vault

Store and categorise M365 app registrations, Graph API secrets, and Partner Center credentials. All secrets are encrypted at rest before storage — never exposed in plain text.

Hardened from the ground up

SOCturnal is a security tool — so its own security is treated with the same rigour it applies to your M365 tenants.

Transport

  • HTTPS / TLS 1.2+
  • HSTS headers
  • Clickjacking protection
  • Content-type sniffing prevention

Application

  • CSRF protection on all forms
  • Parameterised database queries
  • Output sanitisation
  • Brute-force lockout

Authentication

  • TOTP Multi-Factor Authentication
  • Industry-standard password hashing
  • Secure session management
  • Encrypted MFA secrets

Data at Rest

  • Authenticated encryption at rest
  • Encrypted API credentials
  • Server-side key management
  • Access-controlled configuration

Secure Password Hashing

Passwords are hashed using Argon2id, the hybrid variant of Argon2, which won the Password Hashing Competition. Memory-hard by design, it is resistant to GPU and ASIC cracking attempts, making brute-force attacks computationally impractical.

Encryption at Rest

All API secrets, MFA seeds, and client credentials are encrypted with authenticated encryption before storage. Encryption keys are stored outside the web root and never exposed to the application layer in plain text.

Multi-Factor Authentication

Login is a two-step process: password followed by a time-based one-time passcode, compatible with Google Authenticator, Authy, and any TOTP-compatible app. MFA secrets are individually encrypted per user before storage.

CSRF Protection

Every state-changing form embeds a cryptographically random token tied to the user's session. Requests without a valid token are rejected before any processing occurs — protecting against cross-site request forgery attacks.


Rate Limiting & Lockout

After 5 consecutive failed login attempts, the account is locked for 15 minutes. Failed attempts are reset only on successful authentication, preventing credential stuffing attacks without adding CAPTCHA friction.

Injection Prevention

Every database interaction uses parameterised queries with bound parameters — no raw string interpolation. All output is sanitised before rendering, eliminating SQL injection and cross-site scripting vectors.

Connected to your ecosystem

SOCturnal plugs into the platforms your team already uses — from Microsoft's cloud APIs to your notification channels.

Microsoft Graph API

Sign-in logs, device compliance, user data, and M365 tenant information via Graph API v1.0.

  • Sign-in log ingestion
  • Device compliance sync
  • Multi-tenant support

Partner Center REST

Retrieve CSP subscription data per MSP using the Microsoft Partner Center REST API.

  • Subscription sync
  • Per-MSP credentials
  • Source-tagged data

Slack

Send security alerts, sync summaries, and threshold notifications directly to Slack channels via webhooks.

  • Webhook integration
  • Customisable templates
  • Event-triggered alerts

Telegram

Route alerts to Telegram bots for real-time notification delivery on mobile and desktop.

  • Bot API integration
  • Chat ID routing
  • Instant delivery

Email (SMTP / OAuth 2.0)

Send reports and notifications via SMTP or Microsoft OAuth 2.0 (for M365 mailboxes). Multiple outbound servers supported.

  • SMTP with TLS/STARTTLS
  • Microsoft OAuth 2.0 mail
  • Per-customer routing

Entra ID App Registrations

Register multiple Azure AD (Entra ID) app registrations with tenant-specific client credentials for isolated Graph API access per customer.

  • Multi-tenant isolation
  • Encrypted credential store
  • Test & verify connectivity

We run it.
You use it.

SOCturnal is operated and maintained by SOCturnal (Pty) Ltd. MSPs and their customers are provisioned with scoped access — each seeing only their own data, with no infrastructure to set up or manage.

  • SOCturnal manages the platform — zero overhead for you
  • MSPs get their own scoped view across all their customers
  • Customers see only their own M365 data and alerts
  • Role-based access control for every team member
  • Full audit trail and customer isolation throughout
[Diagram: SOCturnal at the top; 🏢 MSP A, 🏢 MSP B and 🏢 MSP C beneath it; customers 👤 Contoso and 👤 Fabrikam beneath the MSPs]

Access in minutes.
Insights from day one.

There's nothing to install or maintain. Contact us, and we'll provision your access — MSPs and customers are up and running within the day.

  1. Contact SOCturnal
  2. We provision your access
  3. Connect your M365 tenants
  4. Start monitoring