Microsoft Tech Community
SOLVED

Enable Quarantine Notifications for Strict protection (Strict Preset Security Policy)

How can I enable quarantine notifications for the preset strict protection policies? There is no way to assign a quarantine policy to strict protection policies.

10 Replies
For the Strict policy, both SpamAction and HighConfidenceSpamAction are already set to Quarantine. You can verify this via PowerShell and the Get-HostedContentFilterPolicy cmdlet.
Got it, thanks! But this does not trigger quarantine notifications (mail to user). The messages are moved to quarantine, without notifying the user.
Check your Quarantine policy as well, by default notifications should be enabled. But the period might be too long (IIRC 3 days is the default one).

@Vasil Michev 

(from: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-policies)

The default policies don't have notifications enabled:

It's also not possible to edit the two default quarantine policies (DefaultFullAccessPolicy and AdminOnlyAccessPolicy):

I could create a new quarantine policy, but how should I assign the quarantine policy to the strict policy?

There is no option to edit the strict policy.

Or should I just go the PowerShell way?

At least in my tenant, the "Strict" policy uses NotificationEnabledPolicy for Quarantine, and that one can be edited to enable notifications. The frequency of notifications themselves can be toggled via the "Global" settings button on top of the Quarantine policies page.

@Vasil Michev thanks! I think this is not the case in my tenant. When I check the policy using PowerShell I get the following output:

Get-HostedContentFilterPolicy "Strict Preset Security*" | fl

SpamQuarantineTag                        : DefaultFullAccessPolicy
HighConfidenceSpamQuarantineTag          : DefaultFullAccessPolicy
PhishQuarantineTag                       : DefaultFullAccessPolicy
HighConfidencePhishQuarantineTag         : AdminOnlyAccessPolicy
BulkQuarantineTag                        : DefaultFullAccessPolicy

EndUserSpamNotificationFrequency         : 3
EnableEndUserSpamNotifications           : True
EndUserSpamNotificationCustomFromAddress :
EndUserSpamNotificationCustomFromName    :
EndUserSpamNotificationCustomSubject     :
EndUserSpamNotificationLanguage          : Default
EndUserSpamNotificationLimit             : 0

Looks like it's not enabled, or am I confusing something?

best response confirmed by Kiril (Regular Contributor)
Solution
Well, the DefaultFullAccessPolicy quarantine policy has notifications disabled, and you cannot toggle that. And I guess it overrides the notification settings within the Strict policy. So create a new policy (or use the NotificationEnabledPolicy) and change the settings via PowerShell:

[18:12:54][O365]# Set-HostedContentFilterPolicy "Strict Preset Security*" -PhishQuarantineTag NotificationEnabledPolicy
WARNING: All recommended properties will be controlled by Microsoft.
[18:13:00][O365]# Get-HostedContentFilterPolicy "Strict Preset Security*" | fl PhishQuarantineTag

PhishQuarantineTag : NotificationEnabledPolicy

Rinse and repeat for all other actions as needed.
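
The "rinse and repeat" step as a single loop; this is an added example, not part of the original reply. It assumes an already connected Exchange Online PowerShell session and a quarantine policy named NotificationEnabledPolicy in the tenant; `$Apply` and the other variable names are illustrative, and leaving the high confidence phishing tag untouched is a choice made for this example.

```powershell
# Added example, not from the thread. Assumes Connect-ExchangeOnline has been
# run and that a quarantine policy named NotificationEnabledPolicy exists.
$PolicyFilter = 'Strict Preset Security*'      # name pattern used in the thread
$TargetTag    = 'NotificationEnabledPolicy'    # quarantine policy to assign
$Apply        = $false                         # set to $true to make changes

# Verdicts whose quarantine policy is re-pointed. HighConfidencePhishQuarantineTag
# is deliberately left out so it stays on AdminOnlyAccessPolicy.
$Tags = 'SpamQuarantineTag', 'HighConfidenceSpamQuarantineTag',
        'PhishQuarantineTag', 'BulkQuarantineTag'

# Confirm the target quarantine policy exists and has notifications switched on.
$target = Get-QuarantinePolicy | Where-Object Name -eq $TargetTag
if (-not $target)            { throw "Quarantine policy '$TargetTag' not found." }
if (-not $target.ESNEnabled) { throw "'$TargetTag' does not have notifications enabled." }

foreach ($policy in Get-HostedContentFilterPolicy $PolicyFilter) {
    # Collect only the tags that differ from the target.
    $changes = @{}
    foreach ($tag in $Tags) {
        if ($policy.$tag -ne $TargetTag) { $changes[$tag] = $TargetTag }
    }
    if ($changes.Count -eq 0) {
        Write-Output "$($policy.Name): nothing to change"
        continue
    }
    # Show the planned change for each tag before touching anything.
    $changes.GetEnumerator() | ForEach-Object {
        Write-Output "$($policy.Name): $($_.Key) $($policy.($_.Key)) -> $($_.Value)"
    }
    if ($Apply) {
        # Splat the collected tags onto one Set call, then read the result back.
        Set-HostedContentFilterPolicy -Identity $policy.Identity @changes
        Get-HostedContentFilterPolicy -Identity $policy.Identity |
            Format-List (@('Name') + $Tags + 'HighConfidencePhishQuarantineTag')
    }
}
```

With `$Apply` left at `$false` the loop only lists what would change, which makes it usable as a periodic check that the tags have not reverted.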

@Kiril-- It can't be done; those things are baked in. But there's nothing in the "Strict" or "Standard" policies that you can't duplicate by creating a new policy yourself that includes user notification. I did that when I realized I would have to release all the junk from quarantine myself -- no way was that happening.

@Jim Shilliday

You can use PowerShell to modify some parts of the Standard and Strict preset policies.

This command shows you which policy is applied for a High confidence spam message action:

Get-HostedContentFilterPolicy "Strict Preset Security Policy Name" | fl Name,HighConfidenceSpamAction,HighConfidenceSpamQuarantineTag

Now, if you have a Quarantine policy with notifications enabled (e.g. NotificationEnablePolicy) you can update the preset policy:

Set-HostedContentFilterPolicy "Strict Preset Security Policy Name" -HighConfidenceSpamQuarantineTag NotificationEnablePolicy