Forum Discussion
NS
Nov 25, 2024 | Copper Contributor
Configure Quarantine Notifications to Admins when any Email is quarantined
Hi All, Good morning, I would like to understand the possible options in EOP and Defender for O365 to send an alert or notification mail to the E-mail administrator as soon as any mail is quarantine...
ExMSW4319
Dec 13, 2024 | Iron Contributor
We use the second option, but for fewer alert types (e.g. malicious URL clicked) fed directly into the security team's ticket queue.
We also have Report Message enabled and configured to send copies to a dedicated SecOps mailbox (Email & Collaboration > Policies & Rules > Threat policies > Advanced delivery) so Defender does not (generally) devour our copies of the sightings. This is reinforced with policies just for SecOps at the top of the anti-phish, anti-spam and anti-malware policy tables.