Managing false positives should be easy
In the previous blog we talked about some of the key steps we took to make the quarantined experience simpler for our end users and admins. Here in part two,...
FaithEbenezerOquong there seems to be no other place to ask questions about Message Center post MC505088 (Microsoft Defender for Office 365: Quarantine Notifications enabled for Preset Security Policies). I could just start a new thread, but that won't get any attention from Microsoft. Initially, Preset Security Policies had no notifications enabled at all, yet undocumentedly could be customized to enable the Quarantine Policy of choice (which seems counter to the idea of preset policies that follow a standardized best practice, if they can just be tinkered with however desired). So it's nice to see the notifications are finally being thought of in the Presets. BUT, then when we start to dig in to the choices for which Quarantine Policy is assigned to which threat type/level, it is hard to figure out the logic.
For starters, it should be spelled out clearly: why is it that Microsoft wants certain threat types/levels to be FullAccess but no Notification, while other threat types/levels are also FullAccess but get a Notification? Next, and more perplexing, is why would Standard want to forego the Notification for regular-confidence spam, but not for high-confidence spam, especially when Strict deems the notification is necessary for either?
Maybe there's a good explanation, but it isn't written down anywhere that any customers can see. To me it doesn't make sense the way it's been set up.
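As an added example (not from the post above or from Microsoft), the following Exchange Online PowerShell snippet builds the mapping the commenter is trying to reason about: for each Standard and Strict preset anti-spam policy, which quarantine policy each threat type points at, what end-user access that quarantine policy grants, and whether notifications are enabled. It assumes an existing `Connect-ExchangeOnline` session, that `Get-HostedContentFilterPolicy` exposes `RecommendedPolicyType` for the preset policies, and that the `EndUserQuarantinePermissionsValue` bitmask values for NoAccess/LimitedAccess/FullAccess are 0/27/23 as documented.

```powershell
# Audit example (added here, not part of the original post or any Microsoft tooling).
# Assumes Connect-ExchangeOnline has already been run.

# Assumed documented bitmask values for EndUserQuarantinePermissionsValue.
$accessNames = @{ 0 = 'NoAccess'; 27 = 'LimitedAccess'; 23 = 'FullAccess' }

# Index quarantine policies by name so tags can be resolved quickly.
$quarantinePolicies = @{}
foreach ($qp in Get-QuarantinePolicy) { $quarantinePolicies[$qp.Name] = $qp }

# Threat type -> property on the anti-spam policy that holds its quarantine tag.
$tagProps = [ordered]@{
    'Spam'                = 'SpamQuarantineTag'
    'HighConfidenceSpam'  = 'HighConfidenceSpamQuarantineTag'
    'Phish'               = 'PhishQuarantineTag'
    'HighConfidencePhish' = 'HighConfidencePhishQuarantineTag'
    'Bulk'                = 'BulkQuarantineTag'
}

# Only the Standard and Strict preset anti-spam policies (RecommendedPolicyType assumed).
$presets = Get-HostedContentFilterPolicy |
    Where-Object { $_.RecommendedPolicyType -in @('Standard', 'Strict') }

$rows = foreach ($policy in $presets) {
    foreach ($threat in $tagProps.Keys) {
        $tag = $policy.($tagProps[$threat])
        $qp  = $quarantinePolicies[$tag]
        if ($null -eq $qp) { Write-Warning "Tag '$tag' not found for $threat"; continue }
        $value  = [int]$qp.EndUserQuarantinePermissionsValue
        $access = if ($accessNames.ContainsKey($value)) { $accessNames[$value] } else { "Custom($value)" }
        [pscustomobject]@{
            Preset        = $policy.RecommendedPolicyType
            ThreatType    = $threat
            QuarantineTag = $tag
            EndUserAccess = $access
            Notify        = [bool]$qp.ESNEnabled   # end-user quarantine notifications
        }
    }
}

$rows | Sort-Object Preset, ThreatType | Format-Table -AutoSize

# Flag the combination the post questions: full end-user access with no notification.
$rows | Where-Object { $_.EndUserAccess -eq 'FullAccess' -and -not $_.Notify } |
    ForEach-Object { Write-Warning "$($_.Preset) / $($_.ThreatType): FullAccess but notifications off" }
```

Run it before and after a Message Center change like MC505088 lands and diff the two tables to see exactly which threat type/quarantine policy pairings changed in your tenant.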