CaseUB1.C6 Remove Emails
ThreatUB1.C6.T1 – Lost of email non-reputation evidence
K –KQL Queries – UB7.C1.K1.T1 Data leakage
Known interaction – (Users) UB3.C2.K2 – Sign-in on non-owner devices
Threat- UB3.C2.K2.T1 – User sessions remains active on non-owner devices after user activity