Incident Response Checklist 🚨 Immediate Actions (0-24 hours) Notify all employees about the phishing campaign and advise caution with emails and SMS. Implement a temporary block on external access to gift card issuance applications. Enforce a password reset for all employees, focusing on those with access to sensitive systems. Disable self-service password reset features temporarily to prevent unauthorized changes. Review and revoke any suspicious device registrations in Entra ID. 🔄 Recovery Actions Restore affected accounts and systems to secure configurations. Re-enable self-service password reset with enhanced security measures. Update and patch any vulnerabilities in cloud configurations. Reconfigure email security settings to prevent similar phishing attacks. Conduct a full review and update of identity and access management policies.
