We received a "Suspicious email deletion activity" alert today for activity "Purge messages from the mailbox: ...". The user account is not allowed to sign-in and has no licenses assigned. His MFA is enforced. How could that be? Is it possible that an internal purging process triggered this alert?