MicrosoftOn the anti-malware policy you can currently enable notification to the user when message is blocked and they actually still get the message, but minus the attachments. But this is being deprecated in favour of the Quarantine notifications.
One useful feature with this legacy notification, is that it allowed the original message to come through minus the attachments.
Once this legacy feature is removed and we have to use Quarantine notifications only, there is no method to release a legitimate message, minus that attachment. So I'm not actually going to want to notify the user or give them or support the opportunity to release because although I don't mind them getting the email, I don't want them to have the attachment in case it contains some unknown malicious content.
So it would be good to still have some method where we can allow messages to pass through the original message, minus the attachment and/or allow option in Quarantine to release message without attachment. Even better make it so that you can only release the message without attachment for specific group of people, so users can only release without attachment but admins could release with attachment after additional checks done.
