(Just for my reference)
When an attacker gets Office 365 portal admin access, the first thing he is going to do is delegate a user full access to the target user’s account, contacts, calendar, etc.
Select “recipients” -> “Mailboxes”.
Double-click the user whose mailbox is to be given full access. In the “Edit User Mailbox” window, under “Full Access”, add the compromised email account.
Then the attacker can open the user’s mailbox through File -> Open -> Other User’s Folder.
To see whether someone has accessed your mailbox, log in to https://outlook.office365.com/ecp/ and select “compliance management” -> “auditing” -> “Run a non-owner mailbox access report”.
In the popup window, select the start date and end date, select “All non-owners” in the “Search for access by” dropdown list, and click “Search”.
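The non-owner access report shows who opened a mailbox; the delegation itself can also be checked directly. The following is an added example, not part of the original note: the function name `Find-FullAccessDelegation` is hypothetical and the sample rows are constructed to look like `Get-MailboxPermission` output.

```powershell
# Flags explicit (non-inherited) FullAccess grants held by someone other than
# the mailbox owner. Input: objects shaped like Get-MailboxPermission output.
function Find-FullAccessDelegation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Permission
    )
    process {
        # AccessRights may arrive as an array or a single string; normalise it.
        $rights = @($Permission.AccessRights) -join ','
        if ($rights -notmatch 'FullAccess')          { return }
        if ($Permission.IsInherited)                 { return }  # inherited entries are not per-mailbox grants
        if ($Permission.Deny)                        { return }  # deny entries grant nothing
        if ("$($Permission.User)" -like 'NT AUTHORITY\*') { return }  # owner (SELF) and system entries

        [pscustomobject]@{
            Mailbox = "$($Permission.Identity)"
            Trustee = "$($Permission.User)"
            Rights  = $rights
        }
    }
}

# Constructed sample data (not from a real tenant).
$sample = @(
    [pscustomobject]@{ Identity = 'alice'; User = 'NT AUTHORITY\SELF';   AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'alice'; User = 'bob@example.com';     AccessRights = @('FullAccess');                  IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'carol'; User = 'bob@example.com';     AccessRights = @('FullAccess');                  IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'carol'; User = 'EXAMPLE\Org Admins';  AccessRights = @('FullAccess');                  IsInherited = $true;  Deny = $false }
    [pscustomobject]@{ Identity = 'dave';  User = 'erin@example.com';    AccessRights = @('ReadPermission');              IsInherited = $false; Deny = $false }
)

$findings = $sample | Find-FullAccessDelegation
$findings | Format-Table -AutoSize

# One trustee holding FullAccess on several mailboxes deserves a closer look.
$findings | Group-Object Trustee | Where-Object Count -gt 1 |
    Select-Object @{ n = 'Trustee'; e = { $_.Name } }, Count

# Against a live tenant (requires the ExchangeOnlineManagement module):
#   Connect-ExchangeOnline
#   Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Find-FullAccessDelegation
```

Any trustee in the output that the mailbox owner or the help desk cannot account for should be removed and the admin account that granted it investigated.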