14 steps to fix a hacked Microsoft 365 account
Nov 16, 2022 8:04 AM

I typically follow the following 14 steps when an account is compromised. Is there anything else I am forgetting?

The first six steps are about getting the malicious actor out of the account. The next five steps repair the harm that has been done to your Microsoft 365 tenant. The last three steps harden the account to prevent future occurrences. Use the quick checklist below to shut out the hacker. When you are ready to learn how to complete the steps, scroll down to the relevant section.

  1. Reset account password
  2. Sign out of all sessions
  3. Remove the account from admin roles
  4. Re-enroll MFA
  5. Check for enterprise apps authorized for the user
  6. Scan devices for malware
  7. Review mailbox rules
  8. Review mail forwarding
  9. Move any emails that were deleted/moved to a new folder
  10. Review audit logs for any other unusual activity
  11. Unblock the account to allow sending emails
  12. Enable MFA
  13. Review email apps and change availability
  14. Review sign-in logs and check for additional security measures you can take
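
As an added illustration (not part of the original post), the script below covers steps 2, 7 and 8 of the checklist for one account: it optionally revokes the user's sessions, then reports inbox rules and mailbox-level forwarding for review. It assumes the ExchangeOnlineManagement and Microsoft.Graph PowerShell modules and an operator with the required admin roles; the choice of which rule actions to flag is this example's assumption.

```powershell
# Added example, not from the original post.
# Assumes the ExchangeOnlineManagement and Microsoft.Graph modules are installed
# and the operator holds the admin roles needed to read mailboxes and revoke sessions.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,  # the compromised account
    [switch] $RevokeSessions                              # also perform step 2
)

Connect-ExchangeOnline -ShowBanner:$false

# Step 2: revoke refresh tokens so every existing session has to sign in again.
if ($RevokeSessions) {
    Connect-MgGraph -Scopes 'User.ReadWrite.All'
    Revoke-MgUserSignInSession -UserId $UserPrincipalName | Out-Null
}

# Step 7: list inbox rules that forward, redirect, delete or move mail.
# Which actions count as worth a look is this example's choice, not the post's.
$rules = Get-InboxRule -Mailbox $UserPrincipalName | Where-Object {
    $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or
    $_.DeleteMessage -or $_.MoveToFolder
} | Select-Object Name, Enabled, ForwardTo, ForwardAsAttachmentTo,
                  RedirectTo, DeleteMessage, MoveToFolder

# Step 8: read the mailbox-level forwarding settings.
$forwarding = Get-Mailbox -Identity $UserPrincipalName |
    Select-Object ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward

# Emit one object so the result can be reviewed on screen or exported.
[pscustomobject]@{
    User              = $UserPrincipalName
    SessionsRevoked   = [bool]$RevokeSessions
    RulesToReview     = @($rules)
    MailboxForwarding = $forwarding
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it after the password reset in step 1, so that revoked sessions cannot be re-established with the old credentials.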
