🔥 3-day streak
Microsoft Security Operations Analyst95 / 190
Question 95 of 190

During a phishing investigation in Microsoft Defender XDR Advanced Hunting, you have already identified a malicious URL delivered to several mailboxes. You now need to determine which users actually clicked the link and whether Safe Links allowed or blocked the navigation. Which single table should you query to obtain the per-user click verdicts (allowed vs. blocked) for that URL?

Reviewed for accuracy · Report an issueNext question