Hey everyone! I'm the sole IT admin at my small cloud-based company using Microsoft Entra ID P1, and I'm diving into the world of IT security. I've got a couple of problems that I'm hoping to get your insights on:
**1. Email Spam Issues:**
We have a user who's been hit with over **10,000 spam emails** in the last six months. I've set up **inbox rules** and reported the spam, and so far, we haven't found any phishing or fraudulent emails. Is there a way to prevent spam from overwhelming their inbox in the first place? Also, how can I ensure that there isn't a bigger issue lurking behind this spam?
**2. Suspicious Login Attempts on Exchange Online:**
Another user is experiencing **frequent failed login attempts** on their account via Exchange Online (SMTP), with attempts coming from various **global IPs**. I've revoked their session, but I want to make sure I'm doing everything I can to protect them. What steps can I take to effectively block or reduce these login attempts?
Thanks in advance for any help or suggestions! I'm still learning the ropes and really value the support from the community!
5 Answers
One idea I heard about is to block emails from senders without DMARC setups. Major providers like Google and Yahoo quarantine emails by default if they lack this, so implementing something similar could drastically reduce spam.
I’m not an expert in email admin, but for the logins, I recommend using geo-restrictions. If your company is small, limiting logins to specific regions can really help cut down on suspicious attempts.
Make sure you have strong 2FA in place too, or consider password-less options with an Authenticator app or YubiKeys. It's better to secure accounts proactively! Also, watch for any more unusual activity related to the spam issue – it could all be connected.
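The geo-restriction suggested above is done in Entra ID with a Conditional Access named location plus a block policy, which the P1 licence mentioned in the question covers. The script below is an added example, not code from this thread or from Microsoft; it uses the Microsoft Graph PowerShell SDK, and the country list, policy names and break-glass account UPN are placeholders you would replace.

```powershell
# Added example: block sign-ins from outside an allow-list of countries with Conditional Access.
# Requires Entra ID P1 and the Microsoft Graph PowerShell SDK
# (Install-Module Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Users).
# ASSUMPTIONS / PLACEHOLDERS: $allowedCountries, the display names, and $breakGlassUpn.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "User.Read.All"

# 1. Named location listing the countries staff actually sign in from (ISO 3166-1 alpha-2 codes).
$allowedCountries = @("US", "CA")   # placeholder: replace with your own list
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Allowed sign-in countries"
    countriesAndRegions               = $allowedCountries
    includeUnknownCountriesAndRegions = $false   # IPs with no country mapping are NOT allowed
}

# 2. Policy: all users, all apps, every client type (so legacy SMTP AUTH clients are covered too),
#    block unless the request comes from the allowed location. A break-glass account is excluded
#    so a mistake in the country list cannot lock the whole tenant out.
$breakGlassUpn = "breakglass@contoso.example"   # placeholder
$breakGlass = Get-MgUser -UserId $breakGlassUpn

$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = "Block sign-in from outside allowed countries"
    # Report-only first: review the sign-in logs for "Report-only: Failure", then switch to "enabled".
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        locations      = @{ includeLocations = @("All"); excludeLocations = @($location.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

"Created named location $($location.Id) and policy $($policy.Id) in report-only mode"
```

Two things worth knowing before enabling it: Conditional Access does not stop the attempts from reaching the endpoint, it makes a correct password insufficient, which is exactly the "make them irrelevant" approach from the thread. And if the affected user does not actually send mail through SMTP AUTH, turning it off for that mailbox (`Set-CASMailbox -Identity <user> -SmtpClientAuthenticationDisabled $true` in Exchange Online PowerShell) removes that login path altogether.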
Email bombing is usually tied to either a hacked account or a legitimate purchase that the scammer wants to hide. It’s common that when someone buys something online, they’ll try to mask it with spam. You really want to check the user’s accounts to see if they’ve been compromised, as that’s often the case with high volumes of spam.
I’d definitely keep monitoring for any unusual activity just in case.
Also, consider using the Hawk investigation tool. It's free and once you set it up, it can give you some good insights into what's happening behind the scenes with your users' accounts.
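The compromise check recommended above can be started by hand with Exchange Online PowerShell before (or alongside) a Hawk run. The script below is an added example, not from the thread or from the Hawk project; it needs the ExchangeOnlineManagement module and an audit-capable role, and the mailbox address is a placeholder.

```powershell
# Added example: quick checks for the two most common signs that a mailbox hit by an email bomb
# has also been compromised: inbox rules that forward, redirect or delete mail, and mailbox-level
# forwarding. Requires the ExchangeOnlineManagement module. PLACEHOLDER: $mailbox.

Connect-ExchangeOnline

$mailbox = "user@contoso.example"   # placeholder

# 1. Inbox rules that move mail out of sight. A rule that deletes or forwards mail is a classic
#    post-compromise step, used to hide password-reset and purchase confirmations from the victim.
Get-InboxRule -Mailbox $mailbox |
    Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage } |
    Format-List Name, Enabled, ForwardTo, RedirectTo, DeleteMessage, Description

# 2. Mailbox-level forwarding configured outside of inbox rules.
Get-Mailbox -Identity $mailbox |
    Format-List ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward

# 3. Who changed rules or mailbox settings in the last 30 days, and from which IP.
#    ClientIP lives inside the AuditData JSON, so it is parsed out per record.
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
    -UserIds $mailbox `
    -Operations New-InboxRule, Set-InboxRule, UpdateInboxRules, Set-Mailbox `
    -ResultSize 500 |
    Select-Object CreationDate, Operations,
        @{ Name = "ClientIP"; Expression = { ($_.AuditData | ConvertFrom-Json).ClientIP } } |
    Sort-Object CreationDate -Descending
```

If step 1 or 2 turns up anything the user did not create, or step 3 shows rule changes from an unfamiliar IP, treat the account as compromised: reset the password, revoke sessions and registered MFA methods you cannot vouch for, and remove the rule or forwarding only after you have exported it as evidence.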
Are you using Defender for Office 365 or any other email filtering service? You might want to crank up the security settings to block more spam. Conditional access policies can also help you tighten access to only what you need.
Going for password-less authentication methods or stronger measures like Windows Hello can keep your accounts safer too. Remember, while you can’t stop all login attempts, making them irrelevant is key!
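"Cranking up" the filtering from the answer above means editing the Exchange Online Protection anti-spam policy, which is the same engine whether or not Defender for Office 365 is licensed. The script below is an added example, not from the thread or from Microsoft; it needs the ExchangeOnlineManagement module, and the threshold and retention values are starting points you would tune against your own false-positive rate.

```powershell
# Added example: tighten the default anti-spam (hosted content filter) policy so spam and bulk mail
# are quarantined instead of landing in the user's Junk folder, which is what an email bomb
# of this size ends up flooding. Requires the ExchangeOnlineManagement module.

Connect-ExchangeOnline

# Record what the policy looks like before the change so it can be reverted.
Get-HostedContentFilterPolicy -Identity Default |
    Format-List SpamAction, HighConfidenceSpamAction, BulkSpamAction, BulkThreshold, QuarantineRetentionPeriod

# BulkThreshold is 1-9; lower is more aggressive. 4 catches most marketing/bulk senders and is a
# common "strict" starting point; check the quarantine for false positives after a week.
Set-HostedContentFilterPolicy -Identity Default `
    -SpamAction Quarantine `
    -HighConfidenceSpamAction Quarantine `
    -BulkSpamAction Quarantine `
    -BulkThreshold 4 `
    -QuarantineRetentionPeriod 30

# Confirm the change was applied.
Get-HostedContentFilterPolicy -Identity Default |
    Format-List SpamAction, HighConfidenceSpamAction, BulkSpamAction, BulkThreshold, QuarantineRetentionPeriod
```

Quarantining rather than junking matters here because a bombed user stops reading the Junk folder, so a real phishing message that lands there gets the same lack of attention as the noise; quarantine keeps the noise out of the mailbox entirely and gives the admin one place to review what was held.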
I like that! Making the attempts pointless is a solid plan. Thanks for the tips!

That makes sense! I didn’t think of geo-restrictions; I'll definitely look into implementing that.