ThreatLocker^® Cloud Control

Introducing ThreatLocker^® Cloud Control, your powerful ally to protect your Microsoft 365 tenant against phishing attacks and token thefts.

Book a demo









Why ThreatLocker^® Cloud Control for Microsoft 365?

Some of the biggest challenges with Microsoft 365 are phishing and token theft. The problem is you can’t control what users click on. They see a convincing email, are in a rush, or are simply distracted. Next thing you know, they enter their credentials, approve the MFA prompt—and just like that, the cybercriminals get in with full access to users’ accounts.

ThreatLocker Cloud Control leverages built-in intelligence to assess whether a connection from a protected device originates from a trusted network. By analyzing connection patterns from protected computers and mobile devices, it automatically identifies and allows trusted connections.

‍The result? Only users from IP addresses and networks deemed trusted by ThreatLocker can get in—automatically blocking phishing and token theft attacks. So, no matter how successful cybercriminals are with their phishing attacks and token thefts—all their efforts are useless now.

How does ThreatLocker^® Cloud Control work?

You start by installing the ThreatLocker Agent on users’ laptops and ThreatLocker MDS on their phones. It’s quick and easy.


A user connects to a new network with their protected device and their IP address now changes.

ThreatLocker tracks and learns commonly used IP addresses and automatically updates your Microsoft 365 named locations, maintaining a collection of the most up-to-date IP addresses and networks associated with the protected device.

Should a cybercriminal manage to intercept your user’s token with a man-in-the-middle (MITM) attack, or steal login credentials through phishing, they simply won’t be able to get in. Why? Because their IP address isn’t in a permitted named location. No match. No entry.

Microsoft 365 compared

VULNERABILITY

WITH tHREATlOCKER

wITHOUT THREATLOCKER

Token theft

Bypassing MFA

PROTECTED

VULNERABLE

Persistent access

PROTECTED

VULNERABLE

Cloud exploitation (OneDrive, SharePoint, Outlook)

PROTECTED

VULNERABLE

Phishing attacks

Credentials harvesting

PROTECTED

VULNERABLE

App consent scams

PROTECTED

VULNERABLE

QR code phishing

PROTECTED

VULNERABLE

Business email compromise

Internal email fraud

PROTECTED

VULNERABLE

Financial theft

PROTECTED

VULNERABLE

Data exfiltration

PROTECTED

VULNERABLE

FREQUENTLY ASKED QUESTIONS

Does the ThreatLocker Cloud Control app work for both iOS and Android?

Yes! The app is available for both iOS and Android. When a device is added to the ThreatLocker Portal, we send a link to the end user that will take them to the correct app Store.

Will the app work on a tablet?

Yes, the app is compatible with both iOS and Android tablets.

Since there is no ThreatLocker Agent for mobile devices, how do we connect them to the ThreatLocker Portal?

ThreatLocker MDS was build for mobile devices. This lightweight app sits on the device collecting its current IP address and relaying that to the ThreatLocker Portal.

How does Cloud Control handle dynamic IP addresses, such as those used by remote workers or mobile devices?

ThreatLocker MDS will send mobile devices' current IP addresses to ThreatLocker. Then the ThreatLocker Agent will send up computers’ current IP addresses, and ThreatLocker will update the Named Locations used in 365 with the most up to date IP address. When an IP address changes, the change will automatically be captured and relayed to 365, ensure that access to 365 remains seamless, regardless of where the user is accessing from.

Have more questions? Request more information.