SlevinKelevra
Copper Contributor
Sep 01, 2023

O365 email account compromised despite MFA

Hi all,

So one of my users clicked on a link in a suspicious email. A few days later, emails were being sent out to all contacts from their account.

Azure sign-in logs showed that access was from a completely different country/continent. The Authentication requirement said 'Multifactor Authentication', and the 'Status' said interrupted.

My question is how, despite getting access, could they bypass authentication? Nothing came through his authenticator app at any point. The machine is clean of anything malicious on it.

Thank you.
