Typical situations
- Mailbox sending spam or phishing
- Suspicious inbox rules or forwarding
- Email spoofing complaints
- Unexpected sign ins
- Need second review after an incident
Emergency incident response
- Identify compromised accounts
- Remove malicious rules and persistence
- Contain abuse quickly
- Review authentication gaps
- Provide incident summary
Post incident hardening
- MFA enforcement
- Disable legacy authentication
- Review mailbox permissions
- Basic alerting and audit checks
- Mail flow review when relevant
How it works
- Quick intake You describe the issue.
- Containment Stop active abuse.
- Hardening Reduce repeat incidents.