How to fix a compromised (hacked) Microsoft Office 365 account

Verify that the users machine is not compromised

Make sure the user has anti-malware software installed, running and that it's up-to-date. If you do not have malware software installed, you can download a free solution from the Microsoft Protection Center. You can also use the Malicious Software Removal Tool to scan your computer for malware. In cases where these recommendations are not enough, you should follow the Advanced Troubleshooting steps.

Remediation Steps:

• Reset password (this secures the account and kills active sessions).
• Remove mailbox delegates.
• Disable mail forwarding rules to external domains.
• Remove global mail forwarding property on mailbox.
• Enable Multi-Factor Authentication (MFA) on the user's account.
• Set password complexity on the account to be high.
• Enable mailbox auditing.
• Produce Audit Log for the admin to review.

Resolution Steps: 

Issue – O365 user unable to send emails due to “Potentially Compromised Account’ Error.

Resolution: 

1. Login to O365 Admin Portal
2. Go to “Exchange”  in Admin Centers
3. Now go to  “Protection”
4. In Protection Page Search for the Restricted User
5. In the End There is “Actions” Section Click on Unblock – This will allow user to send out emails