Forum Discussion

OzOscroft's avatar
OzOscroft
Iron Contributor
Mar 21, 2023

Preset policies have suddenly started notifying users of quarantined messages

Hi all.  We have been using preset policies (standard and strict) for some time and were happy with the fact that they don't notify users of messages which have been quarantined (and nor is it possib...
  • alexhudish's avatar
    alexhudish
    Mar 25, 2023
    MC505088
teetotal_mike's avatar
teetotal_mike
Copper Contributor

OzOscroft Our users have reported this too. My biggest concern is that a user may inadvertently release emails that have been correctly identified as phishing/malware and action them, making the quarantine system pointless.

OzOscroft's avatar
OzOscroft
Iron Contributor
Mar 24, 2023

teetotal_mike TV202 - thanks for confirming my suspicions that it's a change Microsoft have made, nothing we've done.  For info., we first noticed it on Saturday 17th March, was this the same with you?  We also think it's only affecting those covered by the strict preset policy rather than those on standard - is this your experience as well please?

 

For info., I've raised a ticket with Microsoft and will keep you posted.

  • teetotal_mike's avatar
    teetotal_mike
    Copper Contributor
    Mar 24, 2023

    OzOscroft They seem to have started in the early hours of the 18th for us (UK time). Users on the standard policies are receiving the notifications here too, so it would appear to be a global issue.

    • TV202's avatar
      TV202
      Copper Contributor
      Mar 24, 2023

      teetotal_mike the planned changes from Microsoft applied to both strict and standard policies.

       

      (Updated) Exchange Online Protection: Bulk Filter (BCL) Improvements
      MC467231 · Published Nov 15, 2022 · Last updated Feb 7, 2023

      ADMIN IMPACT
      FEATURE UPDATE


      Message Summary
      Updated February 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
      Exchange Online Protection (EOP) assigns a bulk complaint level (BCL) to inbound messages from bulk mailers. A higher BCL indicates a bulk message is less likely to be wanted by the user.
      We are rolling out several changes in how we allocate BCL scores to messages to provide more accurate scoring and coverage for bulk messages. We are also updating the threshold for the strict policy from 4 to 5 to better align with the new scoring. In addition, customers using Microsoft Defender for Office P2 or customers with E5 licenses will be able to view the BCL score for a message in advanced hunting.


      When this will happen:
      We will begin rolling out in mid-November and expect to complete rollout by late April (previously January).


      How this will affect your organization:
      This change is expected to improve the handling of bulk messages within your organization and should not impact users. In the case of aggressive bulk settings where the threshold is 4 or less, may result in wanted bulk messages being called bulk and it is recommended that such policies be reviewed.


      What you need to do to prepare:
      There is nothing you need to do; however, it is good practice to review your Antispam policies to ensure that you have an appropriate value for BCL, particularly if you have a threshold of 4 or less.

      • OzOscroft's avatar
        OzOscroft
        Iron Contributor
        Mar 27, 2023

        Thanks TV202 .  The change you've highlighted is about how bulk messages are flagged and handled.  It doesn't mention anything about changing notifications and even says there should be no impact on users.  Unforutnately I therefore don't think this answers why users have suddenly started receiving quarantine notifications.

Resources