Forum Discussion
Defender of XDR - Quarantine - Lack of filter/search options
Hi Microsoft,
I love what you're doing with the Defender XDR portal, but could you please show some love to the Quarantine section soon?
On a daily basis, I have to review emails caught in quarantine for false positives, and the lack of search and filtering options is appalling.
As a company based in Denmark, 99% of legitimate emails come from .dk domains. Yet there is no way to search for or filter on something this simple.
If I type .dk into the search box, I get 0 results, even though I can clearly see .dk sender addresses on the page. The filter options only allow me to enter full sender or recipient email addresses, which is of course almost useless in a quarantine-review context.
Some examples of filters that would be extremely useful:
- Sender domain ends with .dk
- Sender domain contains .dk
- URL domain filtering
- Attachment name filtering
- Saved filter views
- More flexible search across message properties
The Quarantine experience could be made dramatically better with relatively little effort.
So please, pretty please, give the Quarantine portal some attention. It's often the part of Defender that security teams interact with every single day.
1 Reply
Hi, I agree this is a real pain point, especially when quarantine review is a daily operational task. As a workaround, I’d use Explorer or Advanced Hunting where available to narrow down message sender, recipient, domain, subject, and delivery details before taking action in quarantine. It is not as smooth as having proper quarantine filters, but it can reduce the amount of manual checking. I’d also submit this through the Defender portal feedback option, because filtering by sender domain and recipient domain would be a very reasonable feature request for security teams.
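The Advanced Hunting workaround suggested in the reply, as an added example that is not part of the original thread: a KQL query over the `EmailEvents`, `EmailAttachmentInfo` and `EmailUrlInfo` tables that lists inbound mail currently in quarantine whose From domain ends in .dk, with attachment names and URL domains alongside. The 7-day lookback and the `.dk` suffix are assumptions taken from the poster's scenario.

```kusto
// Added example: sender-domain suffix filter for quarantined mail.
// Assumptions: 7-day window, ".dk" suffix (from the poster's scenario).
let lookback = 7d;
let tld = ".dk";
EmailEvents
| where Timestamp > ago(lookback)
| where EmailDirection == "Inbound"
// LatestDeliveryLocation reflects where the message sits now,
// so messages already released from quarantine drop out.
| where LatestDeliveryLocation == "Quarantine"
// endswith is case-insensitive in KQL.
| where SenderFromDomain endswith tld
// Attachment names per message (the "attachment name filtering" wish).
| join kind=leftouter (
    EmailAttachmentInfo
    | where Timestamp > ago(lookback)
    | summarize Attachments = make_set(FileName, 20) by NetworkMessageId
  ) on NetworkMessageId
// URL domains per message (the "URL domain filtering" wish).
| join kind=leftouter (
    EmailUrlInfo
    | where Timestamp > ago(lookback)
    | summarize UrlDomains = make_set(UrlDomain, 20) by NetworkMessageId
  ) on NetworkMessageId
| project Timestamp, SenderFromAddress, SenderMailFromDomain,
          RecipientEmailAddress, Subject, ThreatTypes, DetectionMethods,
          Attachments, UrlDomains, NetworkMessageId
| order by Timestamp desc
```

`SenderFromDomain` is the header From domain and can be spoofed, so the output is a triage list rather than a release decision; a `SenderMailFromDomain` that differs from the From domain is worth a closer look before releasing.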