"Defender" quarantine blocking emails notifying users of quarantined emails

I'm sorry, but this product is defective. It blocks messages from Microsoft notifying the customer it has blocked a message. It blocks messages from Microsoft when requesting Migration Reports be sent to users. It blocks and doesn't notify because it's defective.

I have many tenants beginning to complain about missing emails they are expecting, because the emails sent to notify them there's something in a quarantine that they don't even know they have are getting blocked by the same product they don't know they have had forced on them.

By default.

You HAVE to turn this OFF.
2 Replies
This is probably happening since the sender domain does not pass SPF and DMARC authentication. The quarantine notifications are being sent from "Email address removed" but the emails do not pass SPF and DMARC checks. Since Microsoft.com DMARC gets applied to emails from subdomain "messaging.microsoft.com", the emails get marked as spoof since DMARC of microsoft.com is set to reject emails spoofing their domain: v=DMARC1; p=reject; pct=100; rua=mailto:Email address removed; ruf=mailto:Email address removed; fo=1

Easy solution: You can whitelist the sender in Anti-spam policy or create a mail flow rule to set SCL= -1 when sender is "Email address removed".
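
The policy inheritance described in the reply above, as an added example that is not part of the thread or any Microsoft code: a subdomain with no DMARC record of its own gets the organizational domain's `sp=` policy, or `p=` when `sp=` is absent, so unauthenticated mail from messaging.microsoft.com falls under `p=reject`. The record keeps the tags quoted above with the redacted report addresses replaced by constructed placeholders, and all function names are illustrative.

```python
# Record as quoted in the thread; report addresses are constructed placeholders
# because the page redacts them.
ORG_RECORD = ("v=DMARC1; p=reject; pct=100; "
              "rua=mailto:placeholder@example.invalid; "
              "ruf=mailto:placeholder@example.invalid; fo=1")


def parse_dmarc(record):
    """Split a DMARC TXT record into a lowercase-keyed tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def effective_policy(from_domain, org_domain, org_record, sub_record=None):
    """Policy for from_domain: its own record if it publishes one, otherwise
    the organizational domain's sp= tag, falling back to p=."""
    if sub_record is not None:
        return parse_dmarc(sub_record)["p"]
    tags = parse_dmarc(org_record)
    if from_domain.lower() != org_domain.lower():
        return tags.get("sp", tags["p"])
    return tags["p"]


def aligned(auth_domain, from_domain, org_domain):
    """Relaxed alignment (the default when adkim/aspf are not set, as in the
    record above): both names fall under the same organizational domain."""
    org = org_domain.lower()
    def in_org(name):
        name = name.lower()
        return name == org or name.endswith("." + org)
    return in_org(auth_domain) and in_org(from_domain)


def dmarc_disposition(from_domain, org_domain, org_record,
                      spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the policy a receiver applies when DMARC fails."""
    spf_ok = spf_pass and aligned(spf_domain, from_domain, org_domain)
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, org_domain)
    if spf_ok or dkim_ok:
        return "pass"
    return effective_policy(from_domain, org_domain, org_record)
```

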
You're probably right, but that's not in my category of things I should fix. That's Microsoft's responsibility.