The first 6 steps are all about getting the malicious actor out of the account. The next 5 steps are all about undoing the damage that was done to your Microsoft 365 tenant. The final 3 steps are all about hardening the account so it doesn't happen again.

Here's a quick checklist you can use to lock out the hacker. Then you can scroll down to the appropriate section to learn how and why to perform the steps.

1. Reset account password.
2. Sign out of all sessions.
3. Remove the account from admin roles.
4. Re-enroll MFA.
5. Check for enterprise apps authorized for the user.
6. Scan devices for malware.
7. Review mailbox rules.
8. Review mail forwarding.
9. Move any emails that were deleted/moved to a new folder.
10. Review audit logs for any other unusual activity.
11. Unblock the account to allow sending emails.
12. Enable MFA.
13. Review email apps and change availability.
14. Review sign-in logs and check for additional security measures you can take.

1. Reset account password
First and foremost is locking the hacker out of the account. Reset the password. If it's a cloud-only account, you can reset the user password right from the Microsoft 365 admin center. If it's a synced account, you'll need to reset the password from your on-premises Active Directory.

1. Go to Microsoft 365 admin center > Users > Active Users.
2. Search for the user you want to reset the password for.
3. Click the Display name of the account.
4. Click Reset password.
5. Set the password/options as you see fit and click Reset password.
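
The password reset above, followed by the session sign-out that the checklist lists as its second step, can also be done from PowerShell. This is an added example, not part of the original article; it assumes the Microsoft Graph PowerShell SDK is installed, and the scopes, the placeholder address and the choice to force a password change at next sign-in are assumptions.

```powershell
# Added example. Requires the Microsoft.Graph.Users and
# Microsoft.Graph.Users.Actions modules from the Microsoft Graph PowerShell SDK.
param(
    [Parameter(Mandatory)]
    [string]$UserPrincipalName   # placeholder, e.g. user@contoso.example
)

# Assumption: these delegated scopes are consented in your tenant and the
# signed-in admin holds a role that may reset this user's password.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.AccessAsUser.All'

$user = Get-MgUser -UserId $UserPrincipalName `
    -Property 'id,userPrincipalName,onPremisesSyncEnabled'

if ($user.OnPremisesSyncEnabled) {
    # Synced account: the reset has to happen in on-premises Active Directory.
    Write-Warning "$($user.UserPrincipalName) is a synced account. Reset the password in on-premises Active Directory."
}
else {
    # Cloud-only account: set a temporary password supplied by the admin.
    $secure = Read-Host -Prompt 'New temporary password' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password

    Update-MgUser -UserId $user.Id -PasswordProfile @{
        Password                      = $plain
        ForceChangePasswordNextSignIn = $true   # assumption: adjust to your policy
    }
    Remove-Variable plain
    Write-Host "Password reset for $($user.UserPrincipalName)."
}

# Sign out of all sessions: invalidates the refresh tokens and browser session
# cookies issued to this user, so every device and app has to sign in again.
# Access tokens that were already issued stay valid until they expire.
Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
Write-Host "Sessions revoked for $($user.UserPrincipalName)."
```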

2. Sign out of all sessions
In short, a session is created every time a user signs into Microsoft 365 on any device/app. The user provides the username/password, Microsoft authorizes the connection and then creates a session. The device or app receives an identifying key. Microsoft 365 holds that key on its end to authorize the app every time the app wants to interact with Microsoft 365. That way the app doesn't need to send the password every time it communicates with Microsoft 365. Disconnecting all the user's sessions will require the user to sign in on all their devices and apps again.

Go to Microsoft 365 admin center > Users >

