M365 Phishing Incident Response

Internal phishing can spread quickly. The priority is containment, identifying affected accounts, then hardening to prevent follow-on compromise.

Typical scenario

Response actions