Admin quarantine option is unavailable for malware detected files in MDCA
Howdy! MDCA Brain Trust, I've configured Admin Quarantine location as per the following Microsoft guidance. Created a brand new SPO site and assigned it in the setting. It's been about 3 days (waited before I post this here as it may take a while to reflect the change). https://learn.microsoft.com/en-us/defender-cloud-apps/use-case-admin-quarantine Admin quarantine option however, is still not available for Files detected by MDCA as malicious. Ideally, I should be able to Admin quarantine OneDrive, SPO files detected as malware. I can however, see the Admin Quarantine option in the governance actions in policies but, this isn't the option we're after. Also, Microsoft says MDCA will provision a new folder (See below) in the site which I don't see either. Has anyone experienced/worked around this issue? Appreciate any suggestions to sort this out! Thank you! ManojSharePoint site security configurations for Defender Cloud Apps Admin Quarantine Feature
Referring to Microsoft official documentation below which is very high-level, has anyone done/would recommend hardening or applying security measures to secure the SharePoint site dedicated for "Admin Quarantine" purpose?. It shouldn't be just as simple as creating a separate site and setting in the Defender portal as this should not be exposed to the rest of the organization, in my view. Shouldn't we at a minimum, restrict the permissions of the site? Official reference - Protect files with admin quarantine - Microsoft Defender for Cloud Apps | Microsoft Learn Any ideas are greatly appreciated ! Thank you!
