Quickly React To M365 User Compromise

M365 User Compromise

At some point you are going to deal with a M365 User Compromise. It could be a password leak of some kind. It could be through a phishing attempt or as simple as password sharing. Either way, it can be dealt with easily and quickly in 3 steps. I will show you how.

M365 User Compromise Account – Reset the password

Go to admin.microsoft.com and under Active Users search for the user of the compromised account. Click on the Username and then find:

M365 User Compromise

This will help guard against any new logins with the account.

Revoke Sign In For Compromised Account

After a password reset, the next step is to sign the compromised account out of everything. While still in the user flyout, sign the user out from all sessions:

M365 User Compromise

Similarly, you can do this in PowerShell. I wrote a great article about it here.

Block Unapproved Email Apps and Protocols

As a result, going forward, make sure you are not using any App or protocol you do not need. Click the Mail Tab if the User Fly out and click the Manage Email Apps Link:

M365 User Compromise

From here, uncheck any email app or protocol that could be used on a compromised account. It is a good idea to do this organization wide and not just for the user:

M365 User Compromise

Voila. Not only has your user compromise been dealt with quickly, you have security hardened your M365 tenant. It gives bad actors a smaller attack surface and this could only be good for your organization!

Thankfully, I have written several articles on M365 Security. I encourage you to review them. They can help you quickly react to security compromises quickly when they happen or harden your system preventing it from happening in the first place. If you use these 3 steps to deal with an M365 User Compromise you will have it fixed in no time!!

Happy IT’ing


Quick IT TIps!

Don’t miss these tips!

We don’t spam! Read our privacy policy for more info.

Avatar photo

I am an IT professional with over twenty years experience in the field. I have supported thousands of users over the years. The organizations I have worked for range in size from one person to hundreds of people. I have performed support from Help Desk, Network / Cloud Administration, Network Support, Application Support, Implementation and Security.

Pin It on Pinterest