🔥 3-day streak
Microsoft Security Operations Analyst118 / 190
Question 118 of 190

During an incident investigation in Microsoft Defender XDR, legal counsel asks you to identify and review email and Teams messages sent by a suspected malicious insider before any data is exported. You have created an eDiscovery (Standard) case and added the user's mailbox and OneDrive as data sources. You now need to locate the specific messages and confirm their content while ensuring you do NOT permanently alter or remove any items. What should you do next?

Reviewed for accuracy · Report an issueNext question