Dec 07 2022 09:18 AM
How can I enable quarantine notifications for the preset strict protection policies? There is no way to assign a quarantine policy to strict protection policies.
Dec 07 2022 11:33 PM
Dec 07 2022 11:37 PM
Dec 08 2022 08:14 AM
Dec 08 2022 08:37 AM - edited Dec 08 2022 09:11 AM
(from: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-policies)
The default policies don't have notifications enabled:
It's also not possible to edit the two default quarantine policies (DefaultFullAccessPolicy and AdminOnlyAccessPolicy):
I could create a new quarantine policy, but how should I assign the quarantine policy to the strict policy?
There is no option to edit the strict policy.
Or should I just go the PowerShell way?
Dec 08 2022 11:52 PM
Dec 09 2022 02:15 AM
@Vasil Michev thanks! I think this is not the case in my tenant. When I check the policy using PowerShell I get the following output:
Get-HostedContentFilterPolicy "Strict Preset Security*" | fl
SpamQuarantineTag : DefaultFullAccessPolicy
HighConfidenceSpamQuarantineTag : DefaultFullAccessPolicy
PhishQuarantineTag : DefaultFullAccessPolicy
HighConfidencePhishQuarantineTag : AdminOnlyAccessPolicy
BulkQuarantineTag : DefaultFullAccessPolicy
EndUserSpamNotificationFrequency : 3
EnableEndUserSpamNotifications : True
EndUserSpamNotificationCustomFromAddress :
EndUserSpamNotificationCustomFromName :
EndUserSpamNotificationCustomSubject :
EndUserSpamNotificationLanguage : Default
EndUserSpamNotificationLimit : 0
Looks like it's not enabled, or am I confusing something?
Dec 09 2022 08:16 AM
Solution Dec 09 2022 08:19 AM
Dec 30 2022 03:55 PM
@Kiril-- It can't be done; those things are baked in. But there's nothing in the "Strict" or "Standard" policies that you can't duplicate by creating a new policy yourself that includes user notification. I did that when I realized I would have to release all the junk from quarantine myself -- no way was that happening.
Jan 02 2023 12:52 AM
You can use PowerShell to modify some parts of the Standard and Strict preset policies.
This command shows you which policy is applied for a High confidence spam message action:
Get-HostedContentFilterPolicy "Strict Preset Security Policy Name" | fl Name,HighConfidenceSpamAction,HighConfidenceSpamQuarantineTag
Now, if you have a Quarantine policy with notifications enabled (e.g. NotificationEnablePolicy) you can update the preset policy:
Set-HostedContentFilterPolicy "Strict Preset Security Policy Name" -HighConfidenceSpamQuarantineTag NotificationEnablePolicy
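Added example, not part of any post in this thread: a read-only audit that resolves every quarantine tag on the matching anti-spam policies to its quarantine policy and reports whether that quarantine policy sends notifications. It assumes a connected Exchange Online PowerShell session and that the quarantine policy's ESNEnabled property is what governs end-user notifications; the function name Get-QuarantineNotificationReport is hypothetical.

```powershell
# Read-only: only Get-* cmdlets are called, no policy is modified.
# Requires an existing session (Connect-ExchangeOnline).

# Verdict -> (action property, quarantine tag property) on an anti-spam policy.
$verdicts = [ordered]@{
    Spam                = 'SpamAction', 'SpamQuarantineTag'
    HighConfidenceSpam  = 'HighConfidenceSpamAction', 'HighConfidenceSpamQuarantineTag'
    Phish               = 'PhishSpamAction', 'PhishQuarantineTag'
    HighConfidencePhish = 'HighConfidencePhishAction', 'HighConfidencePhishQuarantineTag'
    Bulk                = 'BulkSpamAction', 'BulkQuarantineTag'
}

function Get-QuarantineNotificationReport {
    param(
        # Wildcard matched against the anti-spam policy name.
        [string]$PolicyName = '*Preset Security*'
    )

    # Index quarantine policies by name so each tag can be resolved once.
    $quarantinePolicies = @{}
    foreach ($qp in Get-QuarantinePolicy) { $quarantinePolicies[$qp.Name] = $qp }

    $policies = Get-HostedContentFilterPolicy | Where-Object { $_.Name -like $PolicyName }
    foreach ($policy in $policies) {
        foreach ($verdict in $verdicts.Keys) {
            $actionProp, $tagProp = $verdicts[$verdict]
            $tag = [string]$policy.$tagProp
            $qp  = if ($tag) { $quarantinePolicies[$tag] } else { $null }

            [pscustomobject]@{
                Policy               = $policy.Name
                Verdict              = $verdict
                Action               = $policy.$actionProp
                # The tag only matters when the verdict action is Quarantine.
                TagApplies           = ([string]$policy.$actionProp -eq 'Quarantine')
                QuarantinePolicy     = $tag
                # $null means the tag did not resolve to a quarantine policy.
                NotificationsEnabled = if ($qp) { $qp.ESNEnabled } else { $null }
            }
        }
    }
}

# Run before and after any Set-HostedContentFilterPolicy attempt and compare.
Get-QuarantineNotificationReport | Format-Table -AutoSize
```

Rows where TagApplies is True and NotificationsEnabled is False are the verdicts whose quarantined mail users will not be notified about.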
Apr 16 2023 04:43 PM - edited Apr 16 2023 04:43 PM
As at April 2023, any attempted adjustments to Standard or Strict presets produce the following output...
WARNING: All recommended properties will be controlled by Microsoft.
and no changes are made
Apr 24 2023 01:41 AM
May 03 2023 08:59 PM
I am trying to do the same with my standard/strict policies and the values aren't changing.
After the attempt to set the new notification policy, the recheck with
Get-HostedContentFilterPolicy "Standard Preset Security*" | fl
returns the same result as before.
So, no, can't assign a different quarantine policy.
May 11 2023 10:27 AM - edited May 12 2023 09:09 AM
Same here. We were told by MS support to activate preset security policies to get fewer false negatives (our custom policies sometimes failed to quarantine phishing emails, even though they were more restrictive than the standard preset). But the standard preset activates quarantine notifications, which we don't want, and there is no way to edit the preset policies, as shown here. Presets cannot be edited in any way. They are maintained by MS.
The fact that presets always have priority over custom policies is strange, as we could have wildly different settings in our custom policy and those would be entirely ignored. This is why we opted out of presets.
May 14 2023 03:17 PM
We've ditched pre-sets and are using @Alex Fields' PS scripts to set up the same defaults. See the standard and custom protection scripts. We did this to give us some granularity over Quarantine.
https://github.com/vanvfields/Microsoft-365/tree/master/Exchange%20Online
We subscribe to Alex's peer group, which includes docs: https://www.itpromentor.com/membership/
May 24 2023 01:34 AM
We've also disabled the presets, but we were told by MS that they help reduce the amount of false negatives, and we were able to confirm this. Furthermore, MS maintains those presets and can update them when new threats emerge, resulting in a more efficient, up-to-date protection that we could not possibly match with our custom security policies.
I really wish MS would give us the option to choose which quarantine notifications to send to end users, or change the priority to make custom policies take precedence over presets...
May 25 2023 07:44 PM
Oct 16 2023 12:23 AM
We would also like to enable the preset security policies, but because users get quarantine notifications I had to disable the policies. If anyone has an idea on how to change this, I would very much like to get that information.
According to the information in this link https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-quarantine-n...
the quarantine notification policy with the name DefaultFullAccessWithNotificationPolicy is used for preset security policies (and I see no information that this can be changed).
Dec 10 2023 07:23 PM