The compliance team is currently in the process of hardening the Microsoft 365 environment. One of their primary goals is to restrict the ability of users to grant consent to risky applications. A step in this process requires an audit of existing applications and permissions. While reviewing the results, they noted an unusual application named **Microsoft Activation App**. This discovery prompted a notification to the SOC. 

After initial investigation, the SOC identified a possible phishing attempt in Exchange logs just prior to the granting of permissions to Microsoft Activation App. They based this assessment on the subject of the message: **[URGENT] Microsoft Activation Code**. Your task is to determine *if*, and to what extent, the Microsoft 365 environment is compromised.

The events in your SIEM can be found in the following timespan: 20 November 2023 - 22 November 2023.

Pwned 365

Analyst

$17.49/mo

14 Days Free

Explore realistic pre-recorded attacks

Master full-featured defensive platforms

Browser-based challenges and modules

Extended attack videos

Grants access to Analyst content. You can cancel any time by returning to this page and following the cancellation steps.

Defender

$44.49/mo

Instant fully interactive labs

Hands-on prevention and detection

Master offensive techniques

Security engineering exercises

Highly realistic and dynamic scenarios

Access to all Analyst-level content

Grants access to all Defender content, Analyst content and interactive lab environments. You can cancel any time by returning to this page and following the cancellation steps.