
Handling a New Client After a Security Incident
Cybersecurity, Incident Response, Password Spray Attack, MFA
The author has acquired a new client following a security incident and discovered a password spray attack against certain accounts. Measures taken include resetting passwords, revoking MFA tokens, and adding Conditional Access (CA) policies. The point of contact, the owner's nephew, frequently reports unfounded concerns about system compromise, even though Defender XDR shows no alerts or telemetry indicating a compromise.