14 steps to x a hacked Microsoft 365 account



Download 0.77 Mb.
View original pdf
Page2/6
Date18.11.2022
Size0.77 Mb.
#59980
1   2   3   4   5   6
14 steps to fix a hacked Microsoft 365 account - GitBit
Active Users
2. Search for the user you want to reset the password for. Click the Display name of the account. Click Sign out of all sessions.


3. Remove the account from admin roles
Next, we may want to remove the account from any admin roles. It's good practice to temporarily remove the account from any admin roles until you are 100% sure the compromised account is no longer accessed by the hacker. Go to Microsoft 365 admin center > Users >
Active Users
2. Search for the user you want to reset the password for. Click the Display name of the account. Click Manage roles > User (no admin center access) > Save changes.


4. Re-enroll in MFA
If you have MFA enabled for the user you may want to re-enroll the devices or at least review the devices and make sure they are the user's devices. In short, once a malicious user has access to the user's Microsoft 365 account they can enroll their own devices and possibly reset the password after you've changed the password. So go to the user's MFA authentication methods and sit down with the user and ask if that's their authentication method. Go to Azure Active Directory >
Users
. Search for the user, then click the user's display
name.
2. Click Authentication methods then view the user's authentication methods.


5. Check for enterprise apps authorized for the user
Another way a malicious actor may retain access to your user's Microsoft 365 account is through enterprise apps. In short, once a person has access to the account they may register the user fora malicious enterprise app that the hacker can use to retain access to the account after the password reset. So we'll need to review the registered apps for the user.


1. Go to Azure Active Directory >

Download 0.77 Mb.

Share with your friends:
1   2   3   4   5   6




The database is protected by copyright ©ininet.org 2024
send message

    Main page