🔥 3-day streak
Microsoft Security Operations Analyst45 / 190
Question 45 of 190

During an active phishing incident, Threat Explorer in Microsoft Defender for Office 365 shows that a malicious email bypassed filtering and was delivered to 240 mailboxes 3 hours ago. Zero-hour Auto Purge (ZAP) did not act because the message was not classified as malware or high-confidence phish at delivery time. As the SOC analyst, you need to remove the already-delivered messages from all affected inboxes with the least manual effort. What should you do?

Reviewed for accuracy · Report an issueNext question