14 steps to x a hacked Microsoft 365 account



Download 0.77 Mb.
View original pdf
Page1/6
Date18.11.2022
Size0.77 Mb.
#59980
  1   2   3   4   5   6
14 steps to fix a hacked Microsoft 365 account - GitBit


14 steps to x a hacked Microsoft 365 account
The rst 6 steps are all about getting the malicious actor out of the account. The next 5 steps are all about undoing the damage that was done to your Microsoft 365 tenant. The nal 3 steps are all about hardening the account so it doesn't happen again. Here's a quick checklist you can use to lockout the hacker. Then you can scroll down to the appropriate section to learn how why to perform the steps. Reset account password. Sign out of all sessions. Remove the account from admin roles. Re-enroll MFA. Check for enterprise apps authorized for the user. Scan devices for malware. Review mailbox rules. Review mail forwarding. Move any emails that were deleted/moved to anew folder. Review audit logs for any other unusual activity. Unblock the account to allow sending emails. Enable MFA. Review email apps and change availability. Review sign-in logs and check for additional security measures you can take
1. Reset account password
First and foremost is locking the hacker out of the account. Reset the password If it's a cloud- only account you can reset the user password right from the Microsoft 365 admin center. If it's a synced account you'll need to reset the password from your on-premises Active Directory. Go to Microsoft 365 admin center > Users >
Active Users
2. Search for the user you want to reset the password for. Click the Display name of the account. Click Reset password.
5. Set the password/options as you feel t and click Reset password.
GitBit


2. Sign out of all sessions
In short, a session is created every time a user signs into Microsoft 365 on any device/app. What happens is the user will provide the username/password. Microsoft will authorize the connection and then create a session. The device or app will receive an identifying key. Microsoft 365 will hold that key on their end to authorize the app every time the app wants to interact with
Microsoft 365. That way the app doesn't need to send the password every time it is communicating with Microsoft 365. Disconnecting all the user's sessions will require the user to sign in on all their devices and apps again. Go to Microsoft 365 admin center > Users >

Download 0.77 Mb.

Share with your friends:
  1   2   3   4   5   6




The database is protected by copyright ©ininet.org 2022
send message

    Main page