troubleshooting Question

O365 Block user from sending emails

Avatar of msidnam
msidnamFlag for United States of America asked on
ExchangeMicrosoft 365
1 Comment1 Solution14 ViewsLast Modified:
We had an incident earlier where a user of our was sending spam internally and externally. Once we found out that the account was comprimised we disabled the user in our AD, changed the users password and forced an AD Connect Sync to O365. For some reason the users account was still able to send emails.

I made a rule in O365 Exchange to block the user from sending emails which seemed to work, but when i look at the logs, some emails were still able to go through. I am not sure why O365 didn't catch this and put the user in the restricted users area in threat remediation. O365 did this once before but it doesn't look like you can do it manually.

In the past, changing the password and disabling the user has always worked. I'm not sure what else we could have done to stop the users account from sending emails. I even revoked MFA sessions and required the user to reregister MFA as well as revoking current sessions. 

Did I miss anything?
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 1 Comment.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros