Secure my Microsoft 365 account
If your Microsoft 365 organization has been compromised (or you think it may have been), secure your accounts. If your account's compromised, you may notice odd activity like deleted messages or new inbox rules that you didn't create. Compromised Microsoft 365 accounts could be blocked from sending email.
- Reset the passwords for all your affected users from a clean device. If you aren't sure which users are compromised, reset the passwords for all users.
- Make sure to use a device you know doesn't have any malware or viruses. We also recommended scanning all the devices you use to access email for malware. (You can use a reputable antivirus program and/or contact a professional.)
- Enable security defaults. This will require all admins and users to set up a sign-in method for multi-factor authentication (MFA).
- If you only want to require specific accounts to set up an additional sign in method, you can enable per-user MFA.
- Check if malicious forwarding is enabled. Delete any forwarding not created by your users.
- Check if malicious rules are enabled. Delete any rules not intentionally created by your users.
- Check if malicious connectors are enabled. Delete any connectors not intentionally created for your organization by an admin or for an add-on.
Note: If your account or organization's blocked, you may be required to complete some (or all) of these steps before an unblock can happen. If the unblock's completed successfully, it does not prevent your email address or organization from getting blocked in the future.
Related steps
More info
- Tips for protecting my email
- Learn more about Microsoft’s anti-spam policy.
- Fix rejected email with a bounce error