Business cyber safety tool

Microsoft 365 Account Safety Check

Could your Microsoft 365 account already be at risk?

This self-check cannot confirm whether an account is compromised. It helps identify warning signs that should be reviewed by someone with the right Microsoft 365 admin access.

Microsoft 365MFA promptsMailbox rulesOld access
Your IT & Tech Mates Microsoft 365 Account Safety Check for Australian small businesses reviewing sign-ins, MFA prompts, mailbox rules, sharing and old access.
Plain-English business cyber safety help from Your IT & Tech Mates.

Fast decision guide

Use this quick guide before you ignore a warning sign, approve a request or keep a risky process running.

StopUnexpected prompts, unknown sent email or unfamiliar sign-ins need review.
CheckReview sign-ins, mailbox rules, sharing and old staff access.
AskGet admin help before ignoring unusual Microsoft 365 activity.
ActProtect admin accounts, review rules and remove old access first.

Privacy: answer in general terms only. Do not enter passwords, login codes, card numbers, bank passwords, ID numbers or private customer records.

Answer the quick questions

Tick the statements that match your business situation. The result updates automatically.

Login and account warning signs
Mailbox and sharing signs
Admin and old access

What to do now

Review warning signs

Check unexpected MFA prompts, unfamiliar sign-ins, unknown sent email and suspicious password alerts.

Check mailbox rules

Look for unknown forwarding, inbox rules, delegation or hidden mail handling.

Protect admin access

Secure admin accounts, remove old staff access and review shared mailbox access.

Related tools and guides

Need help turning this into a safer business process?

If you see signs of unusual Microsoft 365 activity, do not ignore it. Your IT & Tech Mates can help review sign-ins, mailbox rules, admin access, MFA settings and recovery options.

FAQ

Can this confirm an account is compromised?

No. It is a self-check for warning signs. A proper review needs admin access and the right account logs.

What should I check first?

Start with unexpected MFA prompts, unfamiliar sign-ins, mailbox rules, sent mail and admin accounts.

Should staff approve unexpected prompts?

No. Staff should only approve prompts they started themselves.

Updated