Several suspicious emails are being reported from end users. Organizational email is hosted by a SaaS provider. Upon investigation, the URL in the email links to a phishing site where users are prompted to enter their domain credentials to reset their passwords. Which of the following should the cloud administrator do to protect potential account compromise? 

Answer options:

A. Forward the email to the systems team distribution list and provide the compromised user list.
B. Click on the URL link to verify the website and enter false domain credentials.
C. Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated.
D. Notify users who received the email to reset their passwords regardless of whether they click on the URL.

D