Nov 01 2021 06:40 AM
Nov 01 2021 06:40 AM
Hello and hopefully this is the right forum. My work email is Outlook and is filtered through Windows Defender. I'm still not sure of what Defender does that the regular Junk email folder doesn't do.
But my question with an example... I work as an estimator and submit bids to owners. An issue I have with Defender is that it quarantines messages and tells me the next day that it quarantined a message. At this point, my bid was due the day before and I missed this vital piece of information that was quarantined with no real-time notifications. This is obviously extremely frustrating as I can lose bids and work for my company because of this delay. Bids are fast pace and busy in the last few hours before submission. I don't have time to keep checking other programs.
How can I get live updates for quarantined email. Heck, I'd like to turn off the email quarantine feature and just let the regular junk mail folder do its work. At least the junk mail folder has a live/real-time indicator.
Nov 05 2021 03:24 AM
Nov 10 2021 06:08 AM
Thanks for the reply and help. I'm not an admin but I do get notifications. I just get them the next day which is a day late, lol.
It's cludgy having to monitor a second account in a fast pace bid, but I guess if it can't be fixed, I'll have to use the work around.
Any idea why there is a spam folder in Outlook if there is a Quarantine site too? Why have both? If one isn't working good enough, why not get rid of it and only have one? If they are both working good enough, why have two?
Nov 10 2021 06:31 AM
Nov 10 2021 06:40 AM
Hi @Chris_Rokitski_ ,
The short answer is that an admin would implement Quarantine policies on a tenant to be able to "control what users are able to do to quarantined messages based on why the message was quarantined".In essence this is done to lower the risk by delegating that control from the user to the admin.
This can of course become an inconvenience if legitimate emails get frequently flagged as of potential risk but rather than getting in a "please allow this sender" logic your SOCs or IT Admins work should be focused around understanding why the other end is getting flagged up by Microsoft's Machine Learning as a potential threat.
From experience most of the time legitimate emails being flagged up are because the 3rd party sending you an email tends to use a mailer program that is not set up correctly with SPF and DKIM records, or they are legitimately spoofed.
In any case again the quick answer on whether this behaviour can be changed so you get all these items into your Junk folder rather than in quarantine is YES you can. At the expense of risk.
The setting is controlled via a number of policies in the backend set by your administrator. They have explicitly set for instance that "messaged detected as an impersonated user" would go to Quarantine instead of moving it to the Junk Folder. Example below of these individual settings from an Anti-Phishing policy (Anti-phishing - Microsoft 365 security)
Hope this helps!
Nov 16 2021 07:02 AM