To monitor the chat messages between individual users, for sensitive data, you must first configure the Directory Sync feature for your Azure Entra account. This configuration gives Nightfall access to the list of users in your Azure account and thus Nightfall can monitor the messages sent between users.

Prerequisites to Monitor Chats

To monitor Chats, you must perform the following.

1. Configure the Directory Sync feature. Refer to this document.

Monitoring Chats

To Monitor Chat messages:

1. Enable the toggle switch, if not enabled.

2. Click Add Tenant and select the tenant to be monitored.

Inclusion and Exclusions

Inclusions

For the selected tenant, you must select the users that must be monitored. You can choose to monitor either all the users in the tenant or specific users or group of users.

When you select the Specific user(s) & group(s) option, two new drop-down menus are displayed. These menus allow you to select specific users or groups of users to be monitored.

Exclusions

When you choose to monitor all the users, you may also choose a specific list of users or groups of users to exclude from monitoring. This is an optional configuration and you can skip it if you wish to monitor all the users.

To exclude specific users and groups, select the users or groups in the exclusion section.

Example Scenario

Acme Corp wishes to monitor the messages exchanged between all the users. They configure the Directory Sync for their MS Entra account and select the All users option in the inclusion section. However, they realize that there is an internal group in which users share dummy API keys, passwords, and credit card details, for testing. This group is called the Test group. To avoid false positive alerts, Acme Corp excludes the Test group from exclusion.