Incident Response Form: Microsoft 365 Account Compromise
Date of Incident:
Reported By:
Date of Report:
User Affected:
Description of Compromise:
Date/Time of Compromise:
Detection Method:
Account Lockdown (Yes/No, details):
Password Reset (Yes/No, details):
Sign-In Blocked (Yes/No):
Systems/Services Impacted:
Logs Reviewed (Yes/No, summary of findings):
Unauthorized Activity Found (Yes/No, details):
Forwarding/Deletion Rules Removed (Yes/No, details):
Suspicious Apps/Add-Ins Removed (Yes/No, details):
MFA Status (Enabled/Not Enabled, any changes made):
Internal Notification (Yes/No, details):
User Notified (Yes/No, date and time):
Regulatory Notification (Yes/No, if applicable):
Root Cause Analysis (Summary of findings):
Security Measures Implemented:
Training Provided (Yes/No, details):
Incident Status (Open/Closed):
Final Notes:
Lessons Learned:
Signature of Preparer:
Signature of Reviewer:
Prepared By:
Reviewed By:
Date of Review: