🔥 3-day streak
Microsoft Security Operations Analyst49 / 190
Question 49 of 190

During an incident in Microsoft Defender XDR, Threat Explorer shows that a phishing email bypassed filtering and was delivered to 340 mailboxes. Your SOC has approval to perform tenant-wide remediation. You want the email removed from users' mailboxes but recoverable from the Recoverable Items > Deletions folder in case legal later needs to review the message content. Which remediation action should you select?

Reviewed for accuracy · Report an issueNext question