Securing your 365 Agents account

Account security is your first line of defense. Here's what you should enable.

Written By Catherine Weir

Last updated About 3 hours ago

A compromised 365 Agents account can be used to place fraudulent calls or send spam at your expense. These settings lock it down.

Enable these right away

Multi-factor authentication (MFA). Every user should have it. Required on production accounts.

Single sign-on (SSO). If your organization uses Google Workspace, Microsoft 365, or Okta, connect SSO so access follows your corporate policy.

Role-based permissions. Don't give everyone admin. Use our roles: Admin, Developer, Agent Configurator, Billing, Read-Only.

API key management. Generate separate API keys per application. Rotate regularly. Revoke unused keys immediately.

What we do to protect you

  • IP allow-lists for API access (configurable)

  • Anomaly detection on login patterns

  • Alerts for unusual account activity

  • Audit logs for every admin action

  • Encrypted credential storage

If you suspect your account is compromised

  • Revoke all API keys immediately (dashboard → Security → API Keys → Revoke All)

  • Reset every user's password

  • Contact support — we'll help investigate

  • Review recent calling and messaging activity for anything unexpected