440 votesAnonymous commented
I have purchased 10 P1 licenses, and even after making a condition access policy, it is still a messy mess, and I still only discovered a hacked mail account because of the fowarding rule alert. We need to know ASAP, we need a text message on our phones as soon as a logon breach is suspected. Yes, I can look at IMAP failures and I can see hundreds of scripted attempted logons from China Brazil Russia etc... but what about logons from browser/O365 portal? One account hacked from Lagos. I needed to know that at the time, at late at night, in the early hours of the morning, whenever. Give us the tools we need. Make it simple. I even purchased the licenses and still it doesn't offer security.