Free Tech Experience: Access Denied

Ticket: IT-0001
Status: Open
Priority: Critical
Assigned To: You

Subject: Compromised Account

Description: David Choā€™s corporate devices were stolen.

Immediate Action:

  • Lock his account
  • Kill his active sessions
  • Wipe his MFA.

Portal: entra.microsoft.com

Your Credentials:

User: t1support@sterlingmutual.onmicrosoft.com

Password: SecureTheBreach!123

Ā 

Need a lifeline? Here is your SOP (Standard Operating Procedure): In the enterprise environment, you don't have to memorize every buttonā€”you just have to know how to follow the documentation. Use this step-by-step guide to resolve the ticket.

1. Locate the User

  • Log into entra.microsoft.com using the credentials above.
  • On the left menu, click Users > All users.
  • Search for David Cho and click on his name.

2. Kill Active Sessions

  • At the top of David's profile, click the Revoke sessions button. This instantly kicks the thief out of all Microsoft 365 apps.

3. Lock the Account

  • Click Edit properties at the top.
  • Scroll down to Account status and uncheck "Enable sign-in".
  • Click Save at the bottom.

4. Wipe the MFA

  • On the left-hand menu of David's profile, click Authentication methods.
  • Click Require re-register MFA. This ensures that when we give David his account back, the thief's phone is no longer linked.
Submit Ticket