Restore original mail due to deleted type of malware mail

%3CLINGO-SUB%20id%3D%22lingo-sub-1700635%22%20slang%3D%22en-US%22%3ERestore%20original%20mail%20due%20to%20deleted%20type%20of%20malware%20mail%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1700635%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20Protection%20mail%20service%20detected%20malware%20and%20deleted.%20Is%20it%20possible%20to%20download%20original%20mail%20to%20analyse%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1708753%22%20slang%3D%22en-US%22%3ERe%3A%20Restore%20original%20mail%20due%20to%20deleted%20type%20of%20malware%20mail%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1708753%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F804610%22%20target%3D%22_blank%22%3E%40ByamB4%3C%2FA%3E%2C%3C%2FP%3E%0A%3CDIV%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3EWhen%20MS%20Defender%20for%20Office%20detects%20an%20email%20that%20contains%20a%20malware%2C%20there%20are%20several%20options%3A%20quarantine%2C%20move%20to%20deleted%20items%20folder%2C%20and%20others.%20%3CBR%20%2F%3EIf%20the%20email%20was%20quarantined%2C%20you%20can%20analyze%20the%20malware%20file%20using%20the%20Threat%20Management%20capabilities%20%3C%2FSPAN%3E%3CA%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20title%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fmanage-quarantined-messages-and-files%3Fview%3Do365-worldwide%23atp-only-use-the-security--compliance-center-to-manage-quarantined-files%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fmanage-quarantined-messages-and-files%3Fview%3Do365-worldwide%23atp-only-use-the-security--compliance-center-to-manage-quarantined-files%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fmanage-quarantined-messages-and-files%3Fview%3Do365-worldwide%23atp-only-use-the-security--compliance-center-to-manage-quarantined-files%3C%2FA%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3E.%3C%2FSPAN%3E%3CDIV%20data-tid%3D%22messageBodyContainer%22%3E%0A%3CDIV%20data-tid%3D%22messageBodyContent%22%3E%0A%3CDIV%3EFor%20more%20information%20about%20additional%20investigation%20options%2C%20see%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CA%20title%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Finvestigate-malicious-email-that-was-delivered%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Finvestigate-malicious-email-that-was-delivered%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Finvestigate-malicious-email-that-was-delivered%3CBR%20%2F%3E%3C%2FA%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Microsoft Protection mail service detected malware and deleted. Is it possible to download original mail to analyse ?

1 Reply

Hey @ByamB4,

When MS Defender for Office detects an email that contains a malware, there are several options: quarantine, move to deleted items folder, and others.
If the email was quarantined, you can analyze the malware file using the Threat Management capabilities
https://docs.microsoft.com/microsoft-365/security/office-365-security/manage-quarantined-messages-an....
For more information about additional investigation options, see 
For more information about Threat Explorer capabilities, see 
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/threat-explorer?view=o36...
Please note that download in cases for Explorer, would not work for if the message was permanently deleted by the user (message was not present in deleted folder), or was soft deleted/hard deleted by admin.