One User who is sending SPAM

Hi Gary,

To follow up on what Adam has said

• Implementing SPF (As mentioned) DKIM and DMARC
• Strict Exchange Online settings, including Outbound spam and blacklisting
• Implementing Impersonation protection in the Security and Compliance Centre
• Implementing Advanced Threat Protection (ATP) if you have a Microsoft 365 Plan which has it to prevent future possible attacks to the user
• Reset Password (As mentioned) and implementing Multifactor Authentication (MFA) with Microsoft Authenticator to lock down the user
• Setup outbound spam notifications to monitor (https://heresjaken.com/how-to-setup-outbound-spam-notifications-on-office-365-or-exchange/)
• Turn on mailbox auditing in order to monitor if their mailbox is being accessed at unusual times https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing

There is also third party solutions such as Mimecast which offer Internal Email protect between the users mailboxes which ought to cut down on a lot of it if you decide to go the third party route.

Because it could be a breach I would also consider some additional steps such as scanning of the machine with a reputable endpoint solution, activating credential and device guard if using Windows 10 and enrolling their devices into Intune in order to manage and protect their devices against modern threats.

Hope this helps

Best, Chris