Forum Discussion
Nidhal_Ferchichi
Dec 21, 2023 · Copper Contributor
Use KQL or advanced hunting to show the list of quarantine email with release status: Release reques
Hi team,
I am looking for a solution to list the quarantined emails with release status: Release requested.
Either with advanced hunting or MS Sentinel.
I am able to extract the list of all emails in quarantine or released emails, but not the emails that users asked to release from quarantine.
Is there any table or KQL query that lets me extract only the emails that users asked to release from quarantine?
Thank you.
1 Reply
- Danfew · Copper Contributor
Hi Nidhal
I too am looking for that data, and I just came across the release action in Advanced Hunting in MDE.
EmailEvents
| where LatestDeliveryAction contains "Quarantine release"