SOLVED

Quarantine Administrator - more rights needed?

%3CLINGO-SUB%20id%3D%22lingo-sub-1105091%22%20slang%3D%22en-US%22%3EQuarantine%20Administrator%20-%20more%20rights%20needed%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1105091%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ei%20tried%20to%20deploy%20the%20new%20Quarantine%20Admin%20to%20the%20Admin%20users%20of%20our%20Office%20365%20admins.%3C%2FP%3E%3CP%3EAfter%20mail%20enabling%20the%20user%20object%20in%20Exchange%20on%20prem%20(which%20is%20needed%20btw)%20the%20user%20can%20access%20the%20quarantine%20without%20error%20message.%3C%2FP%3E%3CP%3EBut%20no%20mail%20is%20shown.%20Logging%20in%20as%20a%20global%20admin%20(myself)%20i%20can%20see%20many%20mails.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20followed%20this%20doc%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fde-de%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fmanage-quarantined-messages-and-files%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fde-de%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fmanage-quarantined-messages-and-files%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20please%20advise.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1106650%22%20slang%3D%22en-US%22%3ERe%3A%20Quarantine%20Administrator%20-%20more%20rights%20needed%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1106650%22%20slang%3D%22en-US%22%3E%3CP%3EGot%20this%20mail%20today%20stating%3C%2FP%3E%3CP%3E%22On%20February%2010%2C%202020%2C%20we%20are%20updating%20the%20roles%20required%20to%20access%20and%20manage%20Quarantine%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20you%20use%20Exchange%20Online%20RBAC%20roles%20to%20manage%20Quarantine%20then%20you%20will%20need%20to%20assign%20the%20Security%20and%20Compliance%20Center%20Security%20Administrator%20or%20Quarantine%20Administrator%20role%20to%20the%20user(s)%20that%20require%20access%20to%20Quarantine.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EYou%20do%20not%20need%20to%20modify%20the%20existing%20Exchange%20Online%20roles.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20it%20mean%20i%20have%20to%20set%20the%20Exchange%20Quarantine%20Role%20additional%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1177126%22%20slang%3D%22en-US%22%3ERe%3A%20Quarantine%20Administrator%20-%20more%20rights%20needed%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1177126%22%20slang%3D%22en-US%22%3EIssue%20resolved%20-%20the%20role%20has%20been%20deployed.%20After%20that%20-%20Exchange%20Admins%20could%20no%20longer%20access%20the%20quarantine%20mails.%20I%20had%20to%20add%20them%20to%20%22Quarantine%20Administrator%22%20so%20that%20they%20can%20proceed.%3C%2FLINGO-BODY%3E
Contributor

Hi everyone,

 

i tried to deploy the new Quarantine Admin to the Admin users of our Office 365 admins.

After mail enabling the user object in Exchange on prem (which is needed btw) the user can access the quarantine without error message.

But no mail is shown. Logging in as a global admin (myself) i can see many mails.

 

I followed this doc: https://docs.microsoft.com/de-de/microsoft-365/security/office-365-security/manage-quarantined-messa...

 

Can anyone please advise.

 

Thanks

 

2 Replies

Got this mail today stating

"On February 10, 2020, we are updating the roles required to access and manage Quarantine"

 

If you use Exchange Online RBAC roles to manage Quarantine then you will need to assign the Security and Compliance Center Security Administrator or Quarantine Administrator role to the user(s) that require access to Quarantine.

You do not need to modify the existing Exchange Online roles.

 

Does it mean i have to set the Exchange Quarantine Role additional?

 

 

Best Response confirmed by Stephan G (Contributor)
Solution
Issue resolved - the role has been deployed. After that - Exchange Admins could no longer access the quarantine mails. I had to add them to "Quarantine Administrator" so that they can proceed.