Forum Discussion
PeterForster
Iron Contributor
Mar 18, 2024
Limit access to Quarantine (and only quarantine)
The end-user quarantine is reachable at https://security.microsoft.com/quarantine.
Based on our security policies, we have limited access using Conditional Access and the cloud app “Microsoft Admin Portals.” Consequently, no user can directly access the quarantine.
We have made the necessary exceptions to ensure the quarantine functions properly.
However, there is an issue: Users without proper permissions can still navigate extensively within the portal. For example:
- On the left-side navigation, they can click on “Start.”
- Within the “Next steps” section, there is a link to “Advanced Hunting.” Although they cannot perform any actions there, the link remains accessible.
- Additionally, under “Additional Resources,” users can click on any admin center, albeit with limited functionality.
Is there anyone with an idea on how to restrict users to the quarantine area only, preventing access to other sections of the portal?
- KieranTait (Copper Contributor)
I just came across this issue when using this CA policy. Keen to know if there's another easy way without too much extra configuration to give users access to the Quarantine page whilst blocking admin portals.
- Johan_Tjulin (Copper Contributor)
Hi Peter,
Thanks for the quick answer. My question though is how do you exclude the quarantine from the conditional access policy to still give them access to it but blocking access to "Microsoft Admin Portals"?
  - PeterForster (Iron Contributor)
  That is not possible - exclude means: excluded from everything, and they can access all other portals again.
- Johan_Tjulin (Copper Contributor)
I have an idea.
If we create a custom role in Entra ID with permissions to the quarantine and exclude it from the policy. It depends on if the include overrides the exclude.
- Johan_Tjulin (Copper Contributor)
Hi Peter,
I have set up a similar CA to block all users except admins from "Microsoft Admin Portals" with the consequence that no user can directly access the quarantine. What did you do to make it possible for the user to access the quarantine?
Thanks Johan
- PeterForster (Iron Contributor)
No solution yet - the existing CA cannot be used fully. You need to exclude your users from this CA.
- There's nothing else you can do. It's up to Microsoft to "clean" things up a bit. Try leaving feedback here: https://feedbackportal.microsoft.com/feedback/forum/d7dd1275-f65e-ed11-9562-000d3a4e3f39
- PeterForster (Iron Contributor)
VasilMichev, thanks for your answer. I thought so.
Feedback is live: Limit access to Quarantine (and only quarantine) for endusers within Defender for Office 365 · Community (microsoft.com)
Let's spread the word and vote it up. I think everyone that uses the quarantine needs this. #ThisIsOurCommunity