In situations involving compromised user accounts simply disabling an account is often not sufficient to mitigate the threat especially if the account is actively being using to send SPAM/Phishing email or to download data.
If you have a public folder that you want to apply permissions in Office 365, you might have noticed that the web console can be slow if you have a long list of folders and sometimes the web console will time out and result in inconsistent permissions applied to sub folders.
A much better method is to apply permissions to it using the Exchange Management Shell, its pretty easy and works with 365 and hosted Exchange.