🔥 3-day streak
Microsoft Cybersecurity Architect Expert97 / 158
Question 97 of 158

A financial services firm suspects that a compromised administrator account was used to read the mailboxes of several executives over the past four months. The incident response team needs to determine exactly which mailbox items were accessed, by whom, and when, to satisfy regulatory breach-notification requirements. The firm currently has Microsoft 365 E3 licensing with default audit settings. What is the most appropriate design recommendation to ensure this forensic capability is available for the current and future investigations?

Reviewed for accuracy · Report an issueNext question