Forum Discussion
Custom Quarantine Notification for Specific users
Hi Everyone, Is there any way to create a rule or alert policy to Notify Admin if the mail from Specific sender is getting Quarantined ? i tried but didnt fine any rules
Hey dhilipan ,
you could create a custom detection rule in M365 Defender for this and add a notification rule. The control for the notification rule is not too granular, unfortunately. In case you need more granularity for notification you would need to use e.g. Sentinel.
The query would be the following:EmailEvents
| where EmailAction == "Send to quarantine" and SenderFromAddress == "YOUR SENDER"
Hey dhilipan ,
you could create a custom detection rule in M365 Defender for this and add a notification rule. The control for the notification rule is not too granular, unfortunately. In case you need more granularity for notification you would need to use e.g. Sentinel.
The query would be the following:EmailEvents
| where EmailAction == "Send to quarantine" and SenderFromAddress == "YOUR SENDER"
