Quarantining Files with Purview

Copper Contributor

Hi, does anyone have experience with how to quarantine files in Purview?  I think it's done through the policies?  How do we also quarantine OneDrive and SharePoint files?

3 Replies

Hi @rromeo863,

managing file quarantining in Microsoft Purview is facilitated through policies.

  1. Endpoint Data Loss Prevention (DLP):
    Microsoft Purview's Endpoint DLP supports Windows 10 (version 1809 or higher) and Windows 11, as well as the three latest releases of MacOS.
    Common questions on Microsoft Purview Data Loss Prevention for endpoints - Microsoft Community Hub

  2. Quarantining Files in OneDrive and SharePoint:
    Administrators in organizations using Microsoft Defender for Office 365 can manage files quarantined by Safe Attachments in SharePoint, OneDrive, and Microsoft Teams.
    To enable protection for these files, you need to configure admin quarantine settings in the Microsoft 365 Defender portal.
    Admin quarantine settings for Microsoft 365 SharePoint or OneDrive for Business must be set up before including files in the admin quarantine as part of a policy.
    This can be done by selecting Settings in the Microsoft 365 Defender portal, choosing Cloud Apps, and, under Information Protection, selecting Admin quarantine.
    Manage quarantined messages and files as an admin | Microsoft Learn
    Protect files with admin quarantine - Microsoft Defender for Cloud Apps | Microsoft Learn

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.

If the post was useful in other ways, please consider giving it Like.

Kindest regards,

Leon Pavesic

Yes, this should be achieved by Microsoft Defender for Cloud Apps. You will need to create a SPO Site where quarantined OD4B or SPO files will be placed on hold until you or an admin release them.

If the post was useful, please consider giving it like.
Cheers, Al
In addition to the previous tips, you will want to look at https://learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings#auto-quarantine