How to protect my Microsoft 365 Account?


The most common solution is Microsoft multi-factor authentication (MFA) with the Microsoft Authenticator app on your smartphone.


Without MFA protection, your email account is accessible from anywhere with just a login and password.

Soon, your email account will be hacked.

When hackers take control of your email account, they will use the data to generate phishing emails and possibly send false payment details to your customers.

Your access will be used by the hacker or sold on the Dark web.


When an account is hacked, the first phishing emails are only sent a few weeks later. Most of the time, the hackers read all your email carefully and act at the best moment, for example to change payment information.


Sometimes, your email account is just used to send phishing emails and to try to hack other accounts.


In all cases, your data is accessed and used, so the data loss must be reported to your Data Protection Officer (DPO) and/or to the APD: https://www.autoriteprotectiondonnees.be/citoyen


Checklist - What to do when things go wrong?


  1. Block
    1. Contact LogicalTIC or your internal IT administrator to report the event
    2. Block access to your account
    3. If you have already made a payment, please contact your bank ASAP.
  2. Solve & report
    1. Protect your email account with MFA
    2. Report the event to your DPO
    3. Report the event to your local Police office
  3. Prevent
    1. Enhance your security level
    2. Follow some trainings and webinars:
      https://safeonweb.be/fr/faire-le-test-du-phishing
      https://support.microsoft.com/en-gb/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44




OK, MFA protects my account, but what about phishing? What can I do or check?

Check the real sender and add the warning banner

We can enable a banner that is added to the emails you receive, telling you that "you don't often get email from" this person. The banner also shows the real email address.


Check the URL behind each link

Just hover your mouse pointer over the image or link and wait 1 second. The URL will be shown. Most of the time, the domain name will not be your contact's.


Example of an email with a false attachment or SharePoint link

In this email, the domain name is powerappsportals.com, not the contact's domain.


Example of a false email coming from OVH (09/10/2024)

In this case, we can see multiple issues:

  • The From email address is not correct
  • The link does not point to ovh.net or ovh.com
  • You are not an OVH customer
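
The first two checks in this list can also be done by a script. The Python code below is an added example, not part of the original article: it reads a constructed sample message and reports a sender address or a link target whose domain is not one of the expected ones (ovh.com and ovh.net here). The sample message, its placeholder .example domains and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message for illustration; the .example domains are placeholders.
SAMPLE = """\
From: "OVH Support" <billing@invoice-alerts.example>
Subject: Your domain is about to expire
Content-Type: text/html; charset="utf-8"

<a href="https://portal.renewal-check.example/pay">https://www.ovh.com/manager</a>
<a href="https://www.ovh.com/fr/support/">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real target (href) of every link, not the text shown to the reader."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domains(host, allowed):
    """True if host is an allowed domain or a subdomain of one (whole-label match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_email(raw, expected_domains):
    """Return findings for a sender address or web link outside expected_domains."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]  # real address, ignoring the display name
    findings = []
    if not in_domains(addr.rpartition("@")[2], expected_domains):
        findings.append(f"sender address is {addr}")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not in_domains(parts.hostname, expected_domains):
            findings.append(f"link points to {parts.hostname}")
    return findings

if __name__ == "__main__":
    print(check_email(SAMPLE, {"ovh.com", "ovh.net"}))
```

The first link in the sample displays an ovh.com address as its text but leads elsewhere, which is the case the hover check is meant to catch.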


Example of a false Office 365 sign-in page

Check the URL in your address bar. 

In this case, the form will capture your login and password and send them to the hacker.