Bulk release of Quarantined Messages (PowerShell) and Release Requests


We often need to release large numbers of quarantined messages, and we all know how limited (and time-consuming) that is in the security admin portal.

With the following cmdlets you'll be able to filter, check and release users' quarantined messages.
I'll explain only some options (the ones we'll use the most), but you can find many other filtering options in the articles at the end of this post.

 

Example:

 

Get-QuarantineMessage -PageSize 500 -QuarantineTypes Bulk,Phish,Spam -RecipientAddress "EmailAddress"

 

With this cmdlet you'll get a list of the quarantined messages sent to a specific user.

Instead of -RecipientAddress, we can use -SenderAddress to filter by sender, or use both to filter the quarantined messages sent by a specific address to a specific user.

 

The -PageSize can be configured from 1 to 1000. This is the number of results you'll get in the PowerShell output.

You can filter by -QuarantineTypes or -Type. If you don't use either, you'll get all quarantined messages. Valid quarantine types are:

 

Bulk
HighConfPhish
Malware
Phish
Spam
SPOMalware (Microsoft Defender for Office 365 only)
TransportRule

 

You can complete the previous cmdlet with | Release-QuarantineMessage -ReleaseToAll

 

Example:

 

Get-QuarantineMessage -PageSize 500 -QuarantineTypes Bulk,Phish,Spam -RecipientAddress "EmailAddress" | Release-QuarantineMessage -ReleaseToAll

 

This will release the previously filtered messages.

NOTE: If some messages were already released, the cmdlet will skip those and will not release them again.

You can also report false positives to Microsoft with: -ReportFalsePositive


Sources:

Get-QuarantineMessage (ExchangePowerShell) | Microsoft Learn

Release-QuarantineMessage (ExchangePowerShell) | Microsoft Learn

 

Extra tip:

 

Recently an admin asked how to filter the users' Release Requests in the Admin Center, in order to keep track of those requests and ensure they're being released.

 

For that, navigate to https://security.microsoft.com 

On the left menu, click on "Review" and then on "Quarantine" in the central window. 

Now you're in the Quarantine queue view. 

Click on "Filter" (upper right icon) and, among many other filtering options, you'll find "Release requested" (see screenshot below). 

With this filter applied, you'll see only the quarantined messages for which the user submitted a Release Request, so you can easily work through that queue and empty it if required.

 

FcoManigrasso_0-1679413189234.png
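
The workflow above as a script, an added example that is not part of the original post: it previews and records the filtered messages before releasing them, then lists pending release requests from PowerShell. The address and CSV path are placeholders; -Page, -ReleaseStatus and -WhatIf do not appear in the post and are taken from the cmdlets' documented parameters.

```powershell
# Added example: preview, record, then release quarantined mail for one recipient.
# Requires the ExchangeOnlineManagement module and an active session (Connect-ExchangeOnline).
$recipient = 'user@example.com'            # placeholder address
$types     = 'Bulk','Phish','Spam'         # same types as the post's example
$auditCsv  = '.\quarantine-release.csv'    # hypothetical output path

# One call returns at most -PageSize items (max 1000), so walk the pages.
$messages = @()
$page = 1
do {
    $batch = @(Get-QuarantineMessage -PageSize 1000 -Page $page `
                 -QuarantineTypes $types -RecipientAddress $recipient `
                 -ReleaseStatus NotReleased)
    $messages += $batch
    $page++
} while ($batch.Count -eq 1000)

# Review what the filter matched before anything is released.
$messages | Sort-Object ReceivedTime |
    Format-Table ReceivedTime, SenderAddress, Subject, Type, ReleaseStatus -AutoSize

# Keep a record of the messages about to be released.
$messages |
    Select-Object Identity, ReceivedTime, SenderAddress, Subject, Type,
        @{ Name = 'Recipients'; Expression = { $_.RecipientAddress -join ';' } } |
    Export-Csv -Path $auditCsv -NoTypeInformation

# Dry run: -WhatIf reports what would be released without releasing it.
$messages | Release-QuarantineMessage -ReleaseToAll -WhatIf

# Actual release, to be run once the list above has been reviewed.
# $messages | Release-QuarantineMessage -ReleaseToAll

# Messages with a pending user release request (the portal's "Release requested" filter).
Get-QuarantineMessage -PageSize 1000 -ReleaseStatus Requested |
    Format-Table ReceivedTime, SenderAddress, RecipientAddress, Subject, Type -AutoSize
```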

 

 

 
