Forum Discussion
Instant/Live Alerts for Quarantined Emails
Are you an admin of your organization? You could set up notifications when email goes in quarantine to a certain account. Else you could navigate to: https://security.microsoft.com/quarantine?viewid=Email
This should provide you a personalised view of your quarantined emails.
Finally you can also have your Admin change where the emails end up if you'd prefer these going to the junk folder rather than Quarantine.
Let me know if this helped?
Thanks for the reply and help. I'm not an admin but I do get notifications. I just get them the next day which is a day late, lol.
It's cludgy having to monitor a second account in a fast pace bid, but I guess if it can't be fixed, I'll have to use the work around.
Any idea why there is a spam folder in Outlook if there is a Quarantine site too? Why have both? If one isn't working good enough, why not get rid of it and only have one? If they are both working good enough, why have two?
- Ricky Simpson
Microsoft
Hi Chris,
This forum is focused on Defender for Identity. I'm guessing that based on the nature of your query, you'd be better placed asking about this in the Defender for O365 forum, which is the product we have that's designed to protect the email and collaboration space.
I'd probably suggest that you speak to your IT admins too - there's a tonne of options available around populating allow lists for known recipients and other settings that could make your experience more streamlined.
Hope this helps solve your problem eventually.- Thanks for pointing out the forum. I'll pop over there and see what I can find.
Hi Chris_Rokitski_ ,
The short answer is that an admin would implement Quarantine policies on a tenant to be able to "control what users are able to do to quarantined messages based on why the message was quarantined".In essence this is done to lower the risk by delegating that control from the user to the admin.
This can of course become an inconvenience if legitimate emails get frequently flagged as of potential risk but rather than getting in a "please allow this sender" logic your SOCs or IT Admins work should be focused around understanding why the other end is getting flagged up by Microsoft's Machine Learning as a potential threat.
From experience most of the time legitimate emails being flagged up are because the 3rd party sending you an email tends to use a mailer program that is not set up correctly with SPF and DKIM records, or they are legitimately spoofed.
In any case again the quick answer on whether this behaviour can be changed so you get all these items into your Junk folder rather than in quarantine is YES you can. At the expense of risk.
The setting is controlled via a number of policies in the backend set by your administrator. They have explicitly set for instance that "messaged detected as an impersonated user" would go to Quarantine instead of moving it to the Junk Folder. Example below of these individual settings from an Anti-Phishing policy (Anti-phishing - Microsoft 365 security)
Anti-phishing policyHope this helps!
- Where did you find this menu? I showed it to my support department and they could not find it to be able to access it.
