Mailboxes2. Search for, then click on the user

Mailboxes
2. Search for, then click on the user you want to disable the email apps. Click the toggle switch to Disabled for any email apps the user isn't using. Click Save.
14. Review sign-in logs and check for additional security
measures you can take
Finally, we have almost nished with the compromised account. The last step is looking into how the hacker breached the account and then hardening that part of Microsoft 365. Did the hacker login from Russia Do you do business / have users logging in from Russia No, then create a conditional access policy limiting sign-ins from Russia. Or maybe the user account was breached because the user received a phishing email and then clicked a link and entered their credentials in a fake Microsoft 365 sign-in portal. Then setup Safe Links. To review the sign-in logs perform the following. Go to Microsoft Azure Active Directory admin Center > Users.
2. Search for the user that was breached and click on his/her display name.
3. Click Sign in Logs.

I have a little bit more information on how to read the sign-in logs