Incident Response v.2.0: Partner Office 365 (O365) Compromise

As more ecosystems move to Microsoft's Office 365 it seems necessary to create an IR playbook for O365 compromises.

Said playbook should include proper responses.

Tasks to perform should include:

• Disabling established trusts
• Quarantining emails / messages
• Establishing enhanced security policies / black lists
• Calibrating monitoring / notification rules