Emergency response checklist for credential breaches in Microsoft 365 and Google Workspace. Contain, secure, and prevent repeat incidents.
This free incident response checklist from Teclara provides step-by-step guidance for responding to credential breaches in Microsoft 365 and Google Workspace environments. The guide is designed as a printable checklist for the first 60 minutes after a staff account is compromised, covering both platforms.
Immediate containment steps include resetting compromised passwords and enforcing MFA on all affected accounts, revoking active sessions and resetting tokens in Microsoft 365 or Google Workspace, reviewing sign-in logs and mailbox forwarding rules for malicious changes, and notifying stakeholders while documenting evidence for insurance and compliance teams.
The guide also covers preventing repeat incidents through hardening the environment after a breach. This includes implementing stronger identity policies, deploying phishing-resistant MFA, reviewing conditional access configurations, and updating security awareness training for staff. The checklist is designed to be kept in an incident response binder so teams can move quickly when access is compromised.
This resource is particularly relevant for professional services firms handling sensitive client data including law firms, accounting practices, consulting firms, and financial services companies where a credential breach can have immediate regulatory and client trust implications. Download the free PDF to prepare your organization for credential compromise scenarios.