Try this first
- 1Verify on another channel first: text or call the colleague. Did they request it themselves? Often the answer is yes.
- 2If not them, do NOT click the link in the email. Sign in directly via your usual route (microsoft.com/login).
- 3In Microsoft 365 admin, check Sign-in logs for that user. Unusual locations or times? One signal of a real attack.
- 4If suspicious: force password change, re-run MFA, revoke the user's sessions. Then investigate how it happened.
When to bring us in
Cannot read sign-in logs, or multiple users affected at once? Call us; this is not a "leisurely fix" case.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.