Concrete, operator-grade walkthroughs of how KavachIQ runs identity-first cyber recovery for common Microsoft 365 incidents. Each scenario is illustrative, not a customer testimonial.
A privileged identity is compromised. MFA is weakened, Global Admin is abused, conditional access is modified, and OAuth grants or service principals are added. Blast radius grows quickly.
Restore Entra controls before data. Revert changes to privileged roles, MFA, conditional access, OAuth grants, and groups. Recover critical users, then verify with policy-active and sign-in checks.
A high-volume deletion event removes content across SharePoint sites and OneDrive accounts. Cause is unclear. Recycle bins and version history are not a coordinated business recovery plan.
Identify affected sites, libraries, users, and files. Confirm identity integrity first if any admin drift is detected. Restore critical workspaces first, then broader tenant content, verified end to end.
A large batch of mailboxes is removed. Retention tags, labels, and policies have shifted. Some mailboxes are beyond the native 30-day soft-delete window. Compliance needs answers.
Recover mailboxes past the native window. Restore retention posture alongside mailbox content. Produce a timestamped recovery report for legal and compliance review.
Walk through any of these scenarios, or your specific incident, with a KavachIQ recovery engineer.