🔥 3-day streak
Microsoft Security Operations Analyst68 / 190
Question 68 of 190
During a proactive threat hunt in Microsoft Defender XDR Advanced Hunting, you need to identify recently created inbox rules that automatically forward or delete messages containing keywords like 'invoice' or 'payment' — a common business email compromise (BEC) persistence technique. You want a single table that surfaces the rule-creation activity across Exchange Online mailboxes with the operation name and the parameters used. Which table should you query?
Reviewed for accuracy · Report an issueNext question