SOLVED

Why is it secure to keep messages longer in Quarantine?

I'm getting dinged in Microsoft Secure Score for "Retain spam in quarantine for 30 days". When I check my policies, they're configured to retain suspected spam for only 15 days.

I've done lots of googling, and can find lots of places saying 30 days is the default - apparently it's even a question on the MS-500 exam - but nothing to indicate why Microsoft believe keeping it longer is more secure.

The only thing I can think of is data integrity - you're giving users a month to realise they're missing a false positive rather than two weeks - but then 30 days seems very arbitrary. If I set it to 31 am I even more secure? :smile:

I'm happy with 15 days and feel little need to double my Quarantine storage needs, but I worry maybe I'm missing something?

2 Replies
best response confirmed by Graham_Hill_UWL (Copper Contributor)
Solution
We put most of our customers at 30 days, mainly because 15 is not enough. Especially where we are in the world, people tend to take vacations of 15+ days in a row, and they don't always check email during that time.

Oh, of course. I take too little vacation myself so that hadn't occurred to me!

Thanks