Phishing Resolution

This is the resolution for the phishing issue of 13/04/2018, in which a mail was sent out containing an attachment with a link that points you to "Office365".

When a user clicked on this link, the user was prompted to sign in to their O365 account.

As a result, the affected user (unknowingly) sent out mail with the same attachment to all of his/her mail contacts in Outlook.

If O365 detects a phishing mail attack coming from an address, it will block that user from sending or receiving mail.

When notified about this, you as admin need to change the user's password immediately.

To unblock said address(es), the following steps must be taken:

1. Log in on the O365 Admin Portal

2. Navigate to Exchange Admin Center (EAC)

3. In EAC navigate to Protection > Action Center

4. Select the Search icon and enter the SMTP of the blocked user

5. Click Unblock Account in the description pane

6. Click Yes to confirm the change.

And that is it for unblocking a mail address.

Additional Steps:

After performing the above steps you need to test the user's e-mail (internally and externally).

This particular phishing attack created an anonymous RSS feed subscription in the user's mailbox that prevents the user from sending and receiving external mail.

To resolve this, use an InPrivate browser window and log in on the O365 Portal with the user's credentials.

Navigate to the user's mail and, under RSS Subscriptions, delete the subscriptions.

Give it about 5 min and mail should work again.
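
The unblock steps and the RSS Subscriptions check above can also be run from Exchange Online PowerShell. The script below is an added example, not part of the original write-up; it assumes the ExchangeOnlineManagement module is installed and that the user's password has already been changed, and the parameter names $AdminUpn and $BlockedSmtp are placeholders chosen here.

```powershell
# Added example (not from the original write-up).
# Assumptions: ExchangeOnlineManagement module is installed; the affected
# user's password was already changed; both parameters are placeholders.
param(
    [Parameter(Mandatory)] [string] $AdminUpn,    # admin sign-in name
    [Parameter(Mandatory)] [string] $BlockedSmtp  # SMTP address of the blocked user
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

try {
    # Steps 3-4: look the address up in the blocked-senders list.
    $blocked = Get-BlockedSenderAddress -SenderAddress $BlockedSmtp -ErrorAction SilentlyContinue

    if ($blocked) {
        # Show why and when the service blocked the sender before changing anything.
        $blocked | Format-List

        # Steps 5-6: unblock; -Confirm keeps the explicit "Yes" prompt.
        Remove-BlockedSenderAddress -SenderAddress $BlockedSmtp -Confirm
    }
    else {
        Write-Host "$BlockedSmtp is not on the blocked-senders list."
    }

    # Additional step: list the RSS Subscriptions folder and its subfolders
    # so leftover subscriptions in the mailbox are visible to the admin.
    $rss = Get-MailboxFolderStatistics -Identity $BlockedSmtp -FolderScope RssSubscriptions
    $rss | Select-Object Name, FolderPath, ItemsInFolder, FolderSize | Format-Table -AutoSize

    # Anything other than the empty default folder needs the manual cleanup
    # described above (delete the subscriptions from the user's mail).
    $suspect = $rss | Where-Object { $_.ItemsInFolder -gt 0 -or $_.FolderPath -ne '/RSS Subscriptions' }
    if ($suspect) {
        Write-Warning "RSS Subscriptions is not empty for $BlockedSmtp; remove the subscriptions and retest mail."
    }
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
}
```

The folder path compared against is the English default name; on a mailbox with a localized folder name, review the table output instead of relying on the warning.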