We had a user account compromised and audit revealed multiple instances of what looks like the attacker sending emails to our External Users group (which I'm assuming to be all our clients with whom we've shared SharePoint/OneDrive sites/items, almost 600 of them).
This is understandably a HUGE security issue and needs to be addressed immediately. The problem is that I can't find the group email address, ID, or anything to identify it because it's some default Microsoft group. Nothing in Exchange Online, nothing in Azure AD... just nothing, I can't find it anywhere.
Multiple 365 support people are fumbling it and can't figure out what to do, yet don't want to pull in the Security/Azure/SharePoint teams. Anybody know how to ID the External Users group and prevent users from emailing it?
Thanks in advance.