
There’s nothing quite like starting with a win.

This week, one of our newest clients had only just been onboarded when our 24/7 Security Operations Centre received a high-risk sign-in alert — late in the evening. The alert was triggered by Microsoft Entra ID, which we deploy as standard for all clients, and was backed up by our Managed Detection and Response (MDR) integration with Microsoft 365.

What Happened

  • Multiple suspicious sign-in attempts were detected from global locations

  • The attacker was using a VPN to try to hide their tracks

  • They were using a real, compromised password that had been in use for months

Within minutes:

  • All sign-in sessions were revoked

  • The account was secured and the password was reset

  • A full investigation was launched

The client was informed, the risk was stopped, and no data was accessed.

The Source? Password Reuse

The attacker had gotten hold of the password through an unrelated third-party breach — and had been quietly trying to brute-force their way in ever since. The client wasn’t aware, because they had no visibility. Now they do.

Why It Matters

This is exactly why we include Entra ID, MDR, and 24/7 SOC coverage as part of our default protection stack:

  • 🔍 Alerts surface in real time

  • ⛔ Dangerous sessions are stopped automatically

  • 🧠 Investigations are fast and informed

  • 🛡️ Clients are protected before they even realise there’s a threat

The Takeaway

Our client avoided a full account compromise because the right tools were in place from day one.

Now the only job left? Updating every other service where that same password was used — a good reminder that password reuse is still one of the biggest risks to your business.


Want to know if your Microsoft 365 account would alert on a breach?
We’ll run a no-obligation review and show you what’s missing.

Post by Richard Paterson
Jul 25, 2025 9:57:23 AM
