Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Preset policies have suddenly started notifying users of quarantined messages

Iron Contributor

Hi all.  We have been using preset policies (standard and strict) for some time and were happy with the fact that they don't notify users of messages which have been quarantined (and nor is it possible to change the notification policy).  However, quarantine notifications suddenly started turning up in users' mailboxes at the weekend.

 

Have Microsoft changed something or released an unplanned change?  Hoping you can help clarify the situation.

24 Replies

@AnonTechSpecialist I understand. I don't have an ETA on when we will address this but certainly agree with the ask and is top of mind for us.

@OzOscroft I can't believe how dumbfoundingly stupid this change is. It opens the quarantine up to inexperienced users and LOWERS my security and it defeats the purpose of having the rules by spamming my users with "you have spam" emails. 

It's time to start looking at moving the company to another platform for mail.

@OzOscroft 
The only way I've found to prevent users from being notified about quarantined messages is to disable the "Standard Protection" policy:

kleveille_0-1705509536854.png

Once you do that, your custom policies are now the priority and the other policies go back into effect:

kleveille_1-1705509670487.png

It's a "use at your own risk" scenario, which is unfortunate. I think it will also lower your Microsoft "Secure Score" if that's a metric you track. I'm still doing some reading to see if it affects any other components of the M365 Security system.

I would strongly prefer to be able to use Microsoft's recommended Standard or Secure preset security policies without having to worry that the end users will undermine the whole thing by releasing malicious messages into their mailboxes, but that isn't currently possible. :(

 

The most silly thing about this change has been that now I have end users emailing me asking about whether the quarantine notification emails they've suddenly started receiving are spam!

I'm tempted to say yes... we'll see.

@kleveille The other solution I found is that continuing to use O365 was becoming a liability. From the wide onmicrosoft.com domain allowing bots to spam us and flooded my users with these unwanted messages we moved our entire operation to GSuite. It's cut my operation costs to maintain email by at least half and not getting nearly as much spam from Microsoft's own domains.