Feb 06 2023 04:36 AM
I'm getting dinged in Microsoft Secure Score for "Retain spam in quarantine for 30 days". When I check my policies, they're configured to retain suspected spam for only 15 days.
I've done lots of googling, and can find lots of places saying 30 days is the default - apparently it's even a question on the MS-500 exam - but nothing to indicate why Microsoft believe keeping it longer is more secure.
The only thing I can think of is data integrity - you're giving users a month to realise they're missing a false positive rather than two weeks - but then 30 days seems very arbitrary. If I set it to 31 am I even more secure?
I'm happy with 15 days and feel little need to double my Quarantine storage needs, but I worry maybe I'm missing something?
Feb 06 2023 07:51 AM
SolutionFeb 06 2023 09:03 AM