CYP faced a full Microsoft 365 compromise — admin lockout, domain loss, bot accounts, and over 7,000 files at risk.

Here’s what I delivered:

• Reclaimed administrator control and removed the threat actor

• Recovered and reconnected their domain and configured DKIM

• Rebuilt secure staff accounts with proper roles

• Recovered 7,267 OneDrive files using the Microsoft Graph API in PowerShell

• Enabled MFA and 90-day audit logging

• Deleted 2,000+ bot accounts and revoked all E5 licences using PowerShell

• Enforced policies to block foreign logins and future breaches

• Enabled the audit log in Purview to increase accountability and traceability

• Replaced the file storage system with a new, more secure infrastructure on SharePoint with appropriate permissions

Result: A secure, restored, and resilient Microsoft 365 environment in under a week.


