Forum Discussion
Solved
Enable Quarantine Notifications for Strict protection (Strict Preset Security Policy)
How can I enable quarantine notifications for the preset strict protection policies. There is no way to assign a quarantine policy to strict protection policies.
- Well, the DefaultFullAccessPolicy quarantine policy has notifications disabled, and you cannot toggle that. And I guess it overrides the notification settings within the Strict policy. So create a new policy (or use the NotificationEnabledPolicy) and change the settings via PowerShell:
[18:12:54][O365]# Set-HostedContentFilterPolicy "Strict Preset Security*" -PhishQuarantineTag NotificationEnabledPolicy
WARNING: All recommended properties will be controlled by Microsoft.
[18:13:00][O365]# Get-HostedContentFilterPolicy "Strict Preset Security*" | fl PhishQuarantineTag
PhishQuarantineTag : NotificationEnabledPolicy
Rinse and repeat for all other actions as needed.
- # Set-HostedContentFilterPolicy "Strict Preset Security Policy Name" -SpamQuarantineTag ReleaseRequestPolicy
# Set-HostedContentFilterPolicy "Strict Preset Security Policy Name" -PhishQuarantineTag ReleaseRequestPolicy
# Set-HostedContentFilterPolicy "Strict Preset Security Policy Name" -HighConfidenceSpamQuarantineTag ReleaseRequestPolicy
I also tried the Powershell, and it returned " WARNING: All recommended properties will be controlled by Microsoft. "
as both admin and end users are no longer receive any notification for HighConfidenceSpam, Any resolution from Microsoft? We would also like to enable preset security policy but due to the fact that users get quarantine notifications I had to disable the policies. if anyone have an idea on how to change this I would very much like to get that information.
according to the information in this link https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-quarantine-notifications?view=o365-worldwide
quarantine notification policy with the name DefaultFullAccessWithNotificationPolicy is used to preset security policies (and I see no information about that this can be changed).
Kiril-- It can't be done; those things are backed in. But there's nothing in the "Strict" or "Standard" policies that you can't duplicate by creating a new policy yourself that includes user notification. I did that when I realized I would have to release all the junk from quarantine myself -- no way was that happening.
You can use PowerShell to modify some parts of the Standard and Strict preset policies.
This command show you which policy is applied for a High confidence spam message action:
Get-HostedContentFilterPolicy "Strict Preset Security Policy Name" | fl Name,HighConfidenceSpamAction,HighConfidenceSpamQuarantineTagNow, if you have a Quarantine policy with notifications enabled (e.g. NotificationEnablePolicy) you can update the preset policy:
Set-HostedContentFilterPolicy "Strict Preset Security Policy Name" -HighConfidenceSpamQuarantineTag NotificationEnablePolicyAS at April 2023 any attempted adjustments to Standard or strict presets produces the following output...
WARNING: All recommended properties will be controlled by Microsoft.
and no changes are made
- For the Strict policy, both SpamAction and HighConfidenceSpamAction are already set to Quarantine. You can verify this via PowerShell and the Get-HostedContentFilterPolicy cmdlet.
- Got it, thanks! But this does not trigger quarantine notifications (mail to user). The messages are moved to quarantine, without notifying the user.
- Check your Quarantine policy as well, by default notifications should be enabled. But the period might be too long (IIRC 3 days is the default one).
