🔥 3-day streak
Microsoft Security Operations Analyst53 / 190
Question 53 of 190
A SOC analyst is investigating a Microsoft Defender XDR incident triggered by Defender for Office 365. A phishing email with a malicious link was delivered to 40 users' inboxes 30 minutes ago. The verdict has since been updated to malicious, but the messages are still sitting in users' mailboxes. The analyst needs to remove the delivered messages from all affected mailboxes with the least manual effort while preserving a copy for later investigation. Which action should the analyst take?
Reviewed for accuracy · Report an issueNext question