Forum Discussion
Alert on disabled user
Hi,
We received a "Suspicious email deletion activity" alert today for activity "Purge messages from the mailbox: ...". The user account is not allowed to sign-in and has no licenses assigned. His MFA is enforced. How could that be? Is it possible that an internal purging process triggered this alert?
Thanks.
We are seeing these alerts lately too on many users. And some indeed are disabled users. Any idea what's going on MS?
Curtis I got a security alert from proofpoint about an email that got sent to a disabled outlook account. I need a copy of the email for analysis but Compliance won't search on the disabled account. Proofpoint doesn't appear to be executing the requested quarantine either. The whole situation is confusing/a pain.
