How to respond when Microsoft flags a user for sending outbound spam in Office 365.
Applicable to: System
Affiliation: Staff, IT Administrators
Prerequisites
You must be a system administrator with access to the Microsoft 365 admin portal and the NetID Portal.
Instructions
- Log in to the NetID Portal and reset the user’s NetID password to prevent further unauthorized access.
- Forward the outbound spam notification email to soc@colostate.edu and CC windows@colostate.edu.
  - The Security Operations Center (SOC) will notify the user and may offer training to help prevent future incidents.
- Log in to the Microsoft 365 Admin Portal at the Microsoft Office portal using an admin account.
- Navigate to the Exchange Admin Center:
  - Click the app launcher (grid icon) in the upper left, then select Admin.
  - In the lower left, select Exchange to enter the Exchange admin center.
- In the Exchange admin center:
  - Click the Protection link on the left menu.
  - Click the Action Center tab at the top.
  - Find the user account flagged for spam.
  - Click the Unblock Account… link on the right side.
Outcome
Following these steps will restore the user’s ability to send email and notify the appropriate internal teams to investigate and prevent future compromises.