malicious sign in activities

Joshua Van Wyk 0 Reputation points
2025-05-27T07:18:50.5133333+00:00

HI

We are getting alot of malicious sign-in attempt from around the world, need to know how to fix this issue

Exchange Online
Exchange Online
A Microsoft email and calendaring hosted service.
6,190 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Camila Th 1,915 Reputation points Microsoft External Staff Moderator
    2025-05-27T08:10:25.87+00:00

    Hi @Joshua Van Wyk

    Thank you for posting your question in the Microsoft Q&A forum.   

    Based on your inquiry, we are very sorry to hear that your account has received an amount of malicious sign-in in activities. In my perspective, I suggest you following these steps to secure your account:  

    If you use your personal account:  

    1. Sign in https://mysignins.microsoft.com/  
    2. Choose Security Info -> then choose Sign out everywhere 
    3. Change your password  

    These steps will assist you sign out your account from all devices  

    User's image

    For more secure, you can remove and re-register your MFA on your devices 

    If you know your admin in your organization: 

    1. Sign in Entra ID 
    2. User -> All Users -> Your Account  
    3. Revoke Sessions (requiring the user to re-sign in from all devices) -> Reset password. 

    You can also ask your administrator to reset your MFA to help secure your account. Please share this article with them and request that they follow the steps to reset your 2FA, so you can re-register it on your devices

    Manage authentication methods for Microsoft Entra multifactor authentication - Microsoft Entra ID | Microsoft Learn 

    User's image

    If you need further assistance, please let us know.  


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".     

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.     

     

    1 person found this answer helpful.
    0 comments No comments

  2. Sathish Veerapandian 81 Reputation points MVP
    2025-05-27T07:58:48.02+00:00

    An adversary always targeting an enterprise environment is quite normal scenario nowadays

    How to protect our environment. Well we can implement Robust Security Controls and some of them are below:

    The best thing is you need to make sure that you have well protected/hardened your environment

    Like for example have properly configured Endpoint Protection on your devices , have EDR enabled and have proper Network Security measures/controls in place

    Also have modern authentication\MFA turned on for all users

    Implement Conditional Access Policies for all your applications

    Try to implement all applications in a Zero Trust Policy Approach

    Use Microsoft Entra ID Protection to detect leaked credentials and unusual login patterns.

    Review Risky Sign-ins Reports in Azure Active Directory to identify compromised accounts

    Effectively utilize some proactive measures in the SOC Team and constantly educate the SOC Team with new techniques

    0 comments No comments

  3. Joshua Van Wyk 0 Reputation points
    2025-05-27T14:03:34.7366667+00:00

    Hi thank you for the responds, User's image


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.