Auditing - Ensure The Report Of Users Who Have Had Their Email Privileges Restricted Due To Spamming Is Reviewed
Summary
Microsoft 365 Defender reviews of Restricted Entities will offer a list of users accounts restricted from sending e-mail. If one of the outbound sending limits is exceeded, then, the user will be restricted from sending email, however, they can still receive email.
Reason
Users on the restricted users list have a high possibility of being compromised. Reviewing this list will help in remediating these user accounts, and then unblock them.
How to?
To review the report, use the Microsoft 365 Admin center:
- Go to Security to open the Security portal.
- Under Email & collaboration navigate to Review.
- Click Restricted Entities.
- Review alerts and take appropriate action (unblocking) after account has been remediated.
Monitor:
To verify the report is being reviewed at least weekly, confirm that the necessary procedures are in place and being followed.
Comments
Post a Comment