Business cyber safety guide

Microsoft 365 Account Warning Signs Small Businesses Should Not Ignore

A Microsoft 365 account issue may show up as strange login prompts, missing emails, new rules or messages staff did not send.

Quick answer: stop and verify using a trusted contact method before you pay, approve, reply or ignore warning signs.

Your IT & Tech Mates Microsoft 365 account warning signs guide for Australian small businesses reviewing unusual sign-ins, mailbox rules and MFA prompts.
Your IT & Tech Mates Microsoft 365 account warning signs guide for Australian small businesses reviewing unusual sign-ins, mailbox rules and MFA prompts.

Fast decision

PauseDo not rush payment or approval.
VerifyUse a known contact method.
RecordKeep a short evidence note.
EscalateAsk for help if risk remains.

What this means for a small business

A Microsoft 365 account issue may show up as strange login prompts, missing emails, new rules or messages staff did not send.

Most business cyber problems become expensive when a normal-looking request is handled too quickly. A safer process gives staff permission to pause, check the source, and ask for help before money, access or sensitive information is exposed.

This guide uses fake examples only. It is designed to help you prepare a safer next step, not to collect private records or replace professional investigation.

Warning signs to check

  • Unexpected MFA or two-step login prompts.
  • Emails sent, moved or deleted without the user recognising them.
  • New forwarding rules, inbox rules or mailbox delegates.
  • Unfamiliar sign-ins, unusual locations or password reset alerts.

What to do now

  • Use the account safety check to collect warning signs without sharing passwords.
  • Ask someone with the right admin access to review sign-ins and mailbox rules.
  • Protect admin accounts with strong two-step login.
  • Remove old staff accounts and unnecessary access.
Safe next stepUse the related free tool to turn the warning signs into a plain-English action note for your business.

What not to do

  • Do not approve unexpected login prompts.
  • Do not assume the issue is fixed just because the password was changed.
  • Do not share login codes with anyone, including someone claiming to be support.
Money already sent?Contact your bank immediately. Then save the email, invoice, payment and verification details for review.

Related Business Cyber Safety links

FAQ

Is this a formal cyber audit?

No. This is a practical self-check guide, not a formal audit, investigation, certification or guarantee.

Should I share passwords or login codes?

No. Do not share passwords, login codes, banking passwords, card numbers or private customer records through this guide.

What if money has already been sent?

Contact your bank immediately. Then collect the invoice, email details and verification notes for review.

Updated