Microsoft 365 Administrator Expert MS-102 Practice Question
Your security operations team detects that a user account is sending thousands of phishing messages from Microsoft Exchange Online. You must immediately prevent this user from sending any further email, while ensuring that messages sent by other users continue to flow. You sign in to the Microsoft 365 Defender portal.
What should you do next?
Create an Exchange transport rule that rejects messages sent by the user.
Add the user account to the Restricted entities list under Email & collaboration.
Revoke the user's Azure AD refresh tokens and force a password reset.
Place the user's mailbox on litigation hold in Microsoft Purview.
In Microsoft 365 Defender, the quickest way to stop a single compromised account from sending email is to add the account to the Restricted entities list. This action blocks the user from sending messages through Exchange Online while leaving mail flow for all other users unaffected. Other options, such as placing the mailbox on litigation hold or configuring a mail flow rule, do not immediately block outbound sending. Revoking sign-in or resetting the password helps secure the identity but does not stop mail submission until the change is enforced across services. Therefore, adding the user to the Restricted entities list is the required step.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Restricted entities list in Microsoft 365 Defender?
Open an interactive chat with Bash
How does adding a user to Restricted entities differ from creating an Exchange transport rule?
Open an interactive chat with Bash
Why doesn't resetting the password or revoking Azure AD refresh tokens immediately stop email sending?
Open an interactive chat with Bash
Microsoft 365 Administrator Expert MS-102
Manage security and threats by using Microsoft Defender XDR
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .