Beacon

A multi-tenant Microsoft 365 security alerting platform. Beacon polls M365 APIs across tenants, evaluates events against declarative rules, and delivers centralized alerting. Zero infrastructure needed in client tenants.

Links:
Beacon documentation
GitHub repo

What It Does

Beacon continuously monitors Azure AD sign-ins, audit logs, Exchange, SharePoint, and Purview events across M365 tenants. A JSON-based rules engine evaluates each event and fires alerts to Azure Log Analytics and (optionally) Microsoft Teams.

Technical Highlights

  • Declarative rules engine with nested AND/OR conditions, template interpolation, exception handling, MITRE ATT&CK mappings, and per-tenant scoping
  • Dual API polling: Microsoft Graph API for near real-time identity events, Management Activity API for Exchange/SharePoint/Purview logs, normalized into a unified alert format
  • Zero-touch client environments: Admin consent onboarding flow, federated credentials via managed identity, no secrets to rotate
  • Infrastructure-as-code: Full Bicep deployment at subscription scope, covering Function App (Flex Consumption), Log Analytics, Data Collection Rules, and App Registration with federated auth
  • Auto-generated documentation: VitePress site with rule reference pages generated directly from the JSON rule definitions
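
How a declarative rule with nested AND/OR conditions, exceptions, per-tenant scoping and template interpolation can be evaluated against a sign-in event, as an added example that is not Beacon's own code. The rule schema, operator names, function names, tenant IDs and the sample event are assumptions constructed for illustration; only the event field names follow the Microsoft Graph signIn resource.

```typescript
// Added example: hypothetical rule schema, not Beacon's actual JSON format.
type Cond = { all: Cond[] } | { any: Cond[] }
  | { field: string; op: "eq" | "in"; value: unknown };
interface AlertRule {
  id: string; severity: string; mitre: string[]; title: string; // title has {{path}} slots
  tenants?: string[];          // per-tenant scope; omitted means all tenants
  when: Cond; except?: Cond[]; // any matching exception suppresses the alert
}
type M365Event = Record<string, unknown>;
// Resolve a dotted path such as "status.errorCode" over own properties only.
function getPath(obj: unknown, path: string): unknown {
  return path.split(".").reduce<unknown>((o, k) =>
    o !== null && typeof o === "object" && Object.prototype.hasOwnProperty.call(o, k)
      ? (o as Record<string, unknown>)[k] : undefined, obj);
}

function matches(c: Cond, ev: M365Event): boolean {
  if ("all" in c) return c.all.every((x) => matches(x, ev)); // AND
  if ("any" in c) return c.any.some((x) => matches(x, ev));  // OR
  const actual = getPath(ev, c.field);
  if (c.op === "eq") return actual === c.value;
  if (c.op === "in") return Array.isArray(c.value) && c.value.indexOf(actual) !== -1;
  return false; // unknown operator in loaded JSON: never match
}

function evaluate(rule: AlertRule, tenantId: string, ev: M365Event) {
  if (rule.tenants && rule.tenants.indexOf(tenantId) === -1) return null; // out of scope
  if (!matches(rule.when, ev)) return null;
  if ((rule.except || []).some((x) => matches(x, ev))) return null;
  // Interpolated values are log data; escape them wherever the title is rendered.
  const title = rule.title.replace(/\{\{\s*([\w.]+)\s*\}\}/g,
    (_m: string, p: string) => String(getPath(ev, p) ?? "?"));
  return { ruleId: rule.id, tenantId, severity: rule.severity, mitre: rule.mitre, title };
}

// Constructed rule and sign-in event; field names follow the Graph signIn resource.
const rule: AlertRule = {
  id: "signin-legacy-or-risky", severity: "high", mitre: ["T1078.004"], tenants: ["tenant-a"],
  title: "Legacy-auth or risky sign-in: {{userPrincipalName}} from {{ipAddress}}",
  when: { all: [
    { field: "status.errorCode", op: "eq", value: 0 },
    { any: [
      { field: "clientAppUsed", op: "in", value: ["IMAP4", "POP3", "Authenticated SMTP"] },
      { field: "riskLevelDuringSignIn", op: "eq", value: "high" } ] } ] },
  except: [{ field: "userPrincipalName", op: "eq", value: "svc-scan@contoso.example" }],
};
const signIn: M365Event = { userPrincipalName: "alice@contoso.example",
  ipAddress: "203.0.113.7", clientAppUsed: "IMAP4", riskLevelDuringSignIn: "none",
  status: { errorCode: 0 } };
```

Calling `evaluate(rule, "tenant-a", signIn)` returns an alert object, while the same event under another tenant ID or for the excepted account returns `null`.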

Workbooks

Beacon ships two Azure Monitor Workbooks for operational visibility.

Beacon Alerts

Provides an operational overview of all alerts generated across client tenants. Includes filterable parameters for time range and tenant; summary tiles for total/critical alerts, affected clients, and unique targets; trend and severity charts; and a detailed table of the 100 most recent alerts.

Beacon Alerts workbook

Beacon System

Monitors the operational health of the Beacon deployment itself. Displays the admin consent URL template for onboarding; a synced tenants table with status, timestamps, and duration; and the 100 most recent system events with color-coded status indicators.

Beacon System workbook

Stack

  • TypeScript
  • Node.js 22
  • Azure Functions
  • Azure Log Analytics
  • Bicep
  • VitePress