msidnam

<div>
<div class="content wysiwyg-content fr-view">
We had an incident earlier where a user of our was sending spam internally and externally. Once we found out that the account was comprimised we disabled the user in our AD, changed the users password and forced an AD Connect Sync to O365. For some reason the users account was still able to send emails. <br><br>I made a rule in O365 Exchange to block the user from sending emails which seemed to work, but when i look at the logs, some emails were still able to go through. I am not sure why O365 didn't catch this and put the user in the restricted users area in threat remediation. O365 did this once before but it doesn't look like you can do it manually.<br><br>In the past, changing the password and disabling the user has always worked. I'm not sure what else we could have done to stop the users account from sending emails. I even revoked MFA sessions and required the user to reregister MFA as well as revoking current sessions.&nbsp;<br><br>Did I miss anything?
</div>
</div>



We had an incident earlier where a user of our was sending spam internally and externally. Once we found out that the account was comprimised we disabled the user in our AD, changed the users password and forced an AD Connect Sync to O365. For some reason the users account was still able to send emails.
I made a rule in O365 Exchange to block the user from sending emails which seemed to work, but when i look at the logs, some emails were still able to go through. I am not sure why O365 didn't catch this and put the user in the restricted users area in threat remediation. O365 did this once before but it doesn't look like you can do it manually.
In the past, changing the password and disabling the user has always worked. I'm not sure what else we could have done to stop the users account from sending emails. I even revoked MFA sessions and required the user to reregister MFA as well as revoking current sessions. 
Did I miss anything?

O365 Block user from sending emails

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Office 365 is a group of software plus services subscriptions that provides productivity software and related services to its subscribers. Office 365 allows the use of Microsoft Office apps on Windows and OS X, provides storage space on Microsoft's cloud storage service OneDrive, and grants 60 Skype minutes per month. Office 365 includes e-mail and social networking services through hosted versions of Exchange Server, Skype for Business Server, SharePoint and Office Online, integration with Yammer, as well as access to the Office software. All of Office 365's components can be managed and configured through an online portal; users can be added manually, imported from a CSV file, or Office 365 can be set up for single sign-on with a local Active Directory using Active Directory Federation Services.