Defender for Office 365 and quarantined objects in shared mailboxes with security groups

Occasional Contributor

Hello everyone, I hope to get a best practice or definitive answer on how to solve my current issue with releasing objects from quarantine.


Situation: AD sync to O365 (users, groups, devices), Mailboxes are in Exchange Online (hybrid Exchange for some subsidiaries). Users have M365 E3 + Defender P1 for threat protection.


Issue: We have several shared mailboxes, where multiple users have access to. While users can release quarantined objects as long as they have been given full access to the shared mailbox individually, they will receive an error, when I give them access to the mailbox through a synced AD group.


Reason for using synced AD groups is the easier management and controlling of access to shared mailboxes. While the access itself works like a charm, and even accessing the quarantine of such shared mailbox, releasing mails doesn´t.


User get´s following error: "The operation couldn´t be performed because the user does not have the authorization."


Any advice or how are other bigger org´s handling this, maybe I´m totally wrong here? If this is already on Microsofts schedule or backlog, then forgive me, didn´t find anything on this.



12 Replies

Looks like a scenario that Microsoft hasnt addressed (yet?), adding @Arindam Thokder just in case.

best response confirmed by Vasil Michev (MVP)

@Vasil Michev - We are already working on a feature to access quarantine for shared mailbox where permission is granted through security groups. I hope I can share something around early second half of the year 2021

Great to hear that and thanks for the quick response, looking forward to it.
Hello, we are hoping to have the shared mailbox access to quarantine portal through synced AD group worldwide by end of April 2022. I will monitor this thread to update as the time draws closer.

April has passed. Is there an updated ETA?

Hello @Faith-Ebenezer_Oquong, should this feature also apply when mails are routed through EXO/EOP, but the AD-accounts/mailboxes (User, Shared) are still on-prem? All objects in my case are synced to the cloud.

I can confirm that On-prem is not supported in our current scenario but will be in the near future



i have the same issue regarding the 365 Defender - Quarantine on one of our shared mailboxes:


The operation couldn't be performed because the user does not have the authorization


any help you can provide would be greatly appreciated.

@RamosJuan you can raise a support with the support channel available for your organization. have the request assigned to me