
Custom Quarantine Notification for Specific users

Hi everyone, is there any way to create a rule or alert policy to notify an admin if mail from a specific sender is getting quarantined? I tried but didn't find any rules.

1 Reply
best response confirmed by dhilipan (Copper Contributor)
Solution

Hey @dhilipan,
you could create a custom detection rule in M365 Defender for this and add a notification rule. The control for the notification rule is not too granular, unfortunately. In case you need more granularity for notification you would need to use e.g. Sentinel. 
The query would be the following:

EmailEvents
| where EmailAction == "Send to quarantine" and SenderFromAddress == "YOUR SENDER"
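
An added example, not part of the original reply: the same filter extended to several senders with case-insensitive matching, returning the Timestamp and ReportId columns plus a mailbox column that a custom detection rule needs in its results. The sender addresses and the WatchedSenders name are placeholders.

```kql
// Added example; WatchedSenders and its addresses are placeholders to replace.
let WatchedSenders = dynamic(["sender1@example.com", "sender2@example.com"]);
EmailEvents
| where EmailAction == "Send to quarantine"
// SenderFromAddress is the From header shown to recipients;
// use SenderMailFromAddress instead to match on the envelope sender.
| where SenderFromAddress in~ (WatchedSenders)
// Timestamp, ReportId and a mailbox column (RecipientEmailAddress here)
// are kept so the query can back a custom detection rule.
| project Timestamp, ReportId, NetworkMessageId, SenderFromAddress,
          RecipientEmailAddress, Subject, ThreatTypes, DetectionMethods,
          EmailActionPolicy
```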