Jan 18 2022 04:33 AM
Hi,
We have multiple Quarantine admins in our organization.
The admins work across different time zones and act on the Quarantined emails.
Currently we don't know if an email was already attended by another admin.
I would like to know if there is a facility to add comments/notes for each item in the Quarantine, so that if one of the admins worked on a particular item he/she can add a simple note to it.
Jan 18 2022 09:04 AM
Feb 15 2022 01:50 PM
Feb 15 2022 09:23 PM
Feb 16 2022 08:11 PM
Feb 27 2022 10:47 AM - edited Feb 27 2022 10:51 AM
If you are engaging hostile mail with mail flow rules, you can have actions to add a subject line tag or a header to intercepted messages before you send them to the hosted quarantine.
I audit most of my mail flow rules with a week-end PowerShell script doing get-maildetailtransportrulereport -transportrule $rule on the more interesting ones. If you have a rule with a very high engagement rate, you may run into throttling problems.
To answer the original posting, would it not be worth saying that if an analyst takes the time to examine a message in the hosted quarantine, that message should then be deleted? If the prior action was to release or download, that might also appear in the audit?