Quarantine FAQ for Office 365

This topic includes frequently asked questions and answers about the quarantined email in Office 365.

Question: How do I configure the service to send filtered messages to the quarantine?

Answer: By default, content-filtered messages are sent to the recipients' Junk Email folder, except phishing messages, which are sent to the quarantine. However, admins can create content filter policies to send other filtered messages to the quarantine instead of to users. See Configure your spam filter policies.

Q: Does the service have administrator and user management of quarantined messages?

A: As an admin, you can search for and view details about all quarantined email messages in the Security & Compliance Center in Office 365. After you find the message, you can release it to specific users and, optionally, report it as a false positive (not junk) to the Microsoft Spam Analysis Team. You can also choose to always accept email from that sender in the future. See Find and release quarantined messages as an administrator.

A user without admin privileges can manage their own quarantined messages by doing the following:

  • Use the quarantine user interface.

  • Respond to user spam notification messages. The user's admin has to enable this feature first.

Q: How do I grant access to the quarantine for my users?

A: First, users must have a valid Office 365 user ID and password. EOP customers that are protecting on-premises mailboxes must have valid email users created by using directory synchronization. If you're an EOP admin managing users, see Manage mail users in EOP. For EOP standalone customers, we recommend using directory synchronization and enabling Directory Based Edge Blocking. See Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients.

Q: What messages can be filtered and sent to the quarantine?

A: Messages that are filtered as spam mail or bulk mail can be sent to the quarantine, in addition to phishing mail, which is sent there by default. You can also set up the quarantine so that when mail matches a transport rule are also sent to the administrator quarantine. The user quarantine doesn't include mail that matches a transport rule.

Q: How long are messages kept in the quarantine?

A: By default, quarantined messages that were filtered as spam, bulk, or phish are kept in the quarantine for 15 days. Quarantined messages that matched a transport rule are kept in the quarantine for 7 days. After this period of time, the messages are deleted and are not retrievable.

You can't customize the retention period for quarantined messages that matched a transport rule. However, the retention period for other quarantined messages can be lowered by changing the Retain spam for (days) setting in your content filter policies. See Configure your spam filter policies.

Q: Can I release or report more than one quarantined message at a time?

A: Yes, you can select more than one message at a time on the Quarantine email page and then choose options for releasing the messages.

Q: Are wildcards supported when searching for quarantined messages? Can I search for quarantined messages for a specific domain?

A: Wildcards are not supported in Advanced search in the Security & Compliance Center. For example, when searching for a sender, you must specify the full email address.

However, by using remote Windows PowerShell, admins can specify the Get-QuarantineMessage cmdlet to search for quarantined messages for a specific domain (for example, contoso.com):

Get-QuarantineMessage | ? {$_.Senderaddress 

The results can be passed to the Release-QuarantineMessage cmdlet. Include the –ReleaseToAll parameter to release the message to all recipients. Once a message is released, it can’t be released again.

Get-QuarantineMessage | ? {$_.Senderaddress -like "*@contoso.com"}
Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!