Forum Discussion
Enable Quarantine Notifications for Strict protection (Strict Preset Security Policy)
- Well, the DefaultFullAccessPolicy quarantine policy has notifications disabled, and you cannot toggle that. And I guess it overrides the notification settings within the Strict policy. So create a new policy (or use the NotificationEnabledPolicy) and change the settings via PowerShell:
[18:12:54][O365]# Set-HostedContentFilterPolicy "Strict Preset Security*" -PhishQuarantineTag NotificationEnabledPolicy
WARNING: All recommended properties will be controlled by Microsoft.
[18:13:00][O365]# Get-HostedContentFilterPolicy "Strict Preset Security*" | fl PhishQuarantineTag
PhishQuarantineTag : NotificationEnabledPolicy
Rinse and repeat for all other actions as needed.
You can use PowerShell to modify some parts of the Standard and Strict preset policies.
This command show you which policy is applied for a High confidence spam message action:
Get-HostedContentFilterPolicy "Strict Preset Security Policy Name" | fl Name,HighConfidenceSpamAction,HighConfidenceSpamQuarantineTag
Now, if you have a Quarantine policy with notifications enabled (e.g. NotificationEnablePolicy) you can update the preset policy:
Set-HostedContentFilterPolicy "Strict Preset Security Policy Name" -HighConfidenceSpamQuarantineTag NotificationEnablePolicy
AS at April 2023 any attempted adjustments to Standard or strict presets produces the following output...
WARNING: All recommended properties will be controlled by Microsoft.
and no changes are made
- The output was also displayed Dec 2022. Changes made using PowerShell still work though. I assume the Notification is not part of the recommended properties.
I am trying to do the same with my standard/strict policies and the values aren't changing.
After the attempt to set the new notification policy, the recheck with
Get-HostedContentFilterPolicy "Standard Preset Security*" | fl
returns the same result as before.
So, no, can't assign a different quarantine policy.
Same here. We were told by MS support to activate preset security policies to get less false negatives (our custom policies sometimes failed to quarantine phishing emails, even though they were more restrictive than the standard preset). But the standard preset activates quarantine notifications, which we don't want, and there is no way to edit the preset policies, as shown here. Presets cannot be edited in any way. They are maintained by MS.
The fact that presets always have priority over custom policies is strange, as we could have wildly different settings in our custom policy and those would be entirely ignored. This is why we opted out of presets.
