Skip to content

Update remediate-malicious-email-delivered-office-365.md #321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jul 28, 2025
Merged

Update remediate-malicious-email-delivered-office-365.md #321

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
380a52c
Update remediate-malicious-email-delivered-office-365.md
PehDeh Jul 28, 2025
41d2904
Update remediate-malicious-email-delivered-office-365.md
chrisda Jul 28, 2025
b548dea
Merge branch 'public' into patch-2
chrisda Jul 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions defender-office-365/remediate-malicious-email-delivered-office-365.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ ms.localizationpriority: medium
search.appverid: MET150
description: Threat remediation
ms.service: defender-office-365
ms.date: 05/19/2025
ms.date: 07/28/2025
appliesto:
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
---
Expand Down Expand Up @@ -106,7 +106,7 @@ Open any remediation item to view details about it, including its remediation na

**Delete sender's copy**: Also try to soft delete the message from the sender's Sent Items folder if the sender is the organization.

- **Hard delete**: Purge the deleted message. Admins can recover hard deleted items using single-item recovery. For more information about hard deleted and soft deleted items, see [Soft-deleted and hard-deleted items](/compliance/assurance/assurance-exchange-online-data-deletion#soft-deleted-and-hard-deleted-items).
- **Hard delete**: Purge the deleted message. Admins can recover hard deleted items using single-item recovery. For more information about hard deleted and soft deleted items, see [Soft-deleted and hard-deleted items](/compliance/assurance/assurance-exchange-online-data-deletion#soft-deleted-and-hard-deleted-items). If you use [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac), you also need the **Email & collaboration metadata (read)** permission to hard delete messages.

> [!NOTE]
> In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD) admins can take the actions **Soft delete**, **Move to junk folder**, **Move to deleted items**, **Hard delete**, and **Move to inbox**. The actions **Delete sender's copy** and **Move to inbox** from quarantine folder aren't available. Also, the action logs are available only at <https://security.microsoft.com/threatincidents>, not in the **Action Center** at <https://security.microsoft.com/action-center>.
Expand Down