The Exchange Quarantine is where you can find messages that are so likely to be spam or phishing that Microsoft didn’t bother delivering them to you. From the user perspective, there is no sign that a message was sent; it won’t even appear in their junk folder. Most of the time this system works as intended, shielding your people from clearly inappropriate messages or cyberattacks.
However, it is possible that some legitimate emails can get stuck in your quarantine. The most common reason is a poor sending domain reputation. Maybe the sender has been reported for spamming or other similar activities. Because it is possible for real messages to get stuck in quarantine, we recommend having someone from your organization periodically check the quarantine to catch any real correspondence.
Aldridge CIO, Chad Hiatt, recorded a walkthrough of the quarantine console. This recording covers most of the content in this article for those that prefer videos.
How To Access Quarantine
The quarantine console is only available to users who are designated as Quarantine Administrators. Assuming you have the appropriate privileges, you can access your organization’s quarantine directly by going to security.microsoft.com/quarantine.
Managing Quarantined Emails
Within the quarantine console, you can see every email that was captured by your organization’s central spam filtering. There are a few things you can do with these emails:
- Release Email – You can allow the message to send to its original recipients, or you can add/remove recipients. You will also have the option to send the email back to Microsoft and report it as a false positive to help prevent similar messages from getting filtered in the future.
- Share Email – Add users to receive copies of the message.
- View Message Headers – Displays email header for further analyzing.
- Preview Message – Can see the email’s source code or display it as plain text.
- Delete From Quarantine – Removes the e-mail from your quarantine without sending the message to anyone.
- Download E-Mail – Should be done with caution, you do not want to download and open a malicious email.
- Block Sender – Adds the sender to your organization’s block list.
- Submit Only – This allows you to send the message back to Microsoft and report it as a false positive or negative, or you can find out what policies caused this message to get quarantined.
You are able to select multiple emails and apply bulk actions as needed:
Adjusting Quarantine Filtering
Your IT team has the ability to adjust your central spam filtering. If you’re finding that too many legitimate emails are getting caught in quarantine, you can lower the overall organizational spam filtering. Lowering the spam threshold may require your users to manage their junk email on a more individual basis. If too much junk email is getting through you may want to increase your overall spam filtering. Raising your spam filtering may necessitate assigning someone from your team to periodically check the quarantine for legitimate messages.