We have already tried the generated answers
our account is under attack causing us to no longer be able to login to outlook etc.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 5%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Spectrum Security
0
Reputation points
Our account appears to be under attack causing us to be logged out of our accounts. we have reset password several times but continue to be logged out. Moved from: Microsoft Security | Microsoft Authenticator
Outlook | Web | Outlook on the web for business | Security
3 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 50%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Thomas Samuel 0 Reputation points2025-11-13T17:03:19.22+00:00 Hi Spectrum Security,
In this case, is it the Global Administrator that's being attacked? In this scenario, I would take the following actions:
- Reset the password for your Global Administrator account again.
- Within the Entra ID Admin Center, revoke all active sessions. Find the user in question, and select "Revoke sessions" along the top of the page.
- Sign back in using your new password, and check to ensure no new multifactor authentication methods have been added to your account. If they have, remove them.
I hope this advice helps!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 17%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHN%3C/text%3E%3C/svg%3E)
Hani-N 5,515 Reputation points Microsoft External Staff Moderator2025-11-13T22:41:26.4166667+00:00 Thank you for posting your question in the Microsoft Q&A forum.
It appears your account is experiencing repeated sign-outs even after multiple password resets, which strongly suggests that your account may have been compromised.
To help you regain control and prevent further unauthorized access, please follow these detailed steps:
1/ Review recent activity
- Sign in to Microsoft Account Security.
- Check Recent Activity for unfamiliar sign-ins, locations, or devices.
- If you see anything suspicious, select “Look unfamiliar? Secure your account”.
- Click on Yes
- You will navigate to Microsoft Security page and select Sign out everywhere.
- This will invalidate all active sessions across devices and apps, forcing reauthentication with your new credentials.
2/ Reset password and enable MFA
- Reset your password immediately using a strong, unique password that you haven’t used elsewhere:
- Go to Security info tab > Choose Change at Password (preview)
- Enable Multi-Factor Authentication (MFA) for added protection. MFA ensures attackers cannot access your account even if they know your password.
- You can learn how to enable MFA at here: Set up multifactor authentication for users - Microsoft 365 admin | Microsoft Learn
3/ Sign out everywhere
- Go to My Sign-Ins | Security Info | Microsoft.com and select Sign out everywhere.
- This will invalidate all active sessions across devices and apps, forcing reauthentication with your new credentials.
4/ Check for suspicious rules in Outlook
- Sign in to Outlook on the web.
- Click the Settings (gear icon) in the top-right corner.
- Go to Mail > Select Rules
- Review all rules listed.
- Delete any unfamiliar or suspicious rules (e.g., rules that forward emails to unknown addresses).
- Go to Mail > Forwarding:
- Check if forwarding is enabled.
- Remove any forwarding addresses you did not set up.
For more detailed guidance, please refer to these official Microsoft resources:
- Recover a hacked or compromised Microsoft account
- Responding to a compromised Microsoft 365 email account
- Address compromised user accounts with automated investigation and response
- Token Theft Playbook
I hope this information is helpful. Please follow these steps and let me know if it works for you. If not, we can work together to resolve this.
Thank you for your patience and your understanding. If you have any questions or need further assistance, please feel free to share them in the comments on this post so I can continue to support you.
I look forward to continuing the conversation.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Hani-N 5,515 Reputation points Microsoft External Staff Moderator
2025-11-14T21:53:23.2233333+00:00 I hope everything is going well on your end.
I’m following up on the support thread we've been working through together. I wanted to check in and see if the information I shared in my previous answer helped resolve the issue you were experiencing.
If you're still experiencing any issues or have further questions, please feel free to reach out at any time. I’m always happy to help if you need anything else.
We want to ensure everything is functioning smoothly and that your experience remains seamless.
Thank you again for your collaboration throughout the troubleshooting process. I look forward to hearing from you soon.
Warm regards,
Sign in to comment