One basic way we can detect compromised Microsoft accounts is by monitoring new email rules.
Tag: M365
With the SolarWinds breach in the headlines, CISA has released a tool designed to help Azure and Microsoft 365 clients detect compromised accounts. Sparrow is a Powershell script that gathers data related to potentially compromised accounts and applications in Azure or Microsoft 365.