Configure Email Security Quarantine Policy in Microsoft 365

In this Microsoft 365 Security blog post, we will explain how to configure email security quarantine policy in Microsoft 365.

Microsoft 365 email quarantine is a security feature that isolates suspicious emails detected by spam filters and phishing detectors from passing in.

Once an email is detected and isolated, it is held in a quarantine area until administrators or users review it and take an action such as:

• Release
• Delete
• Whitelist sender
• Black list sender

Default Quarantine Policy

The default Microsoft 365 Quarantine policy is configured to isolate suspected emails in quarantine until an administrator reviews the queue and takes action. The default policy does not send an email notification when an email is held in quarantine.

Configure Email Security Quarantine Policy in Microsoft 365

To access the Microsoft 365 Quarantine area, use the following URL: https://security.microsoft.com/quarantine. Any email held in quarantine will appear.

In Microsoft 365, email quarantine settings are configured in the default anti-spam policy.

Configure Quarantine Policy

To configure a Quarantine policy, From the Microsoft 365 Security portal, click on Policies & rules under Email & Collaboration, as shown below.

Under Rules, click on Quarantine policies.

By default, Microsoft 365 offers three default quarantine policies.

• DefaultFullAccessPolicy – This policy gives users access to quarantine management without email notification.
• AdminOnlyAccessPolicy – Gives administrators access to quarantine management without email notification
• DefaultFullAccessWithNotificationPolicy – Give users access to quarantine management with notification enables

You should create a new policy for your organization instead of using the default one. To do so, click the Add Custom Policy button on the Quarantine Policy page.

When you create a new policy, you can use a limited access or more advanced approach to allow users to take additional steps. We recommend using Limited access for large organisations and more advanced for smaller organisations.

Apply Quarantine Policy to Anti-Spam

As mentioned, Quarantine policies apply inside your Anti-Spam policy (default or custom). If you decide to use a custom Quarantine policy, apply it to an Anti-Spam and Anti-Malware policy for it to take effect.

To apply a custom quarantine policy, open the Anti-Spam policy page.

From the Security portal, click on:

Policies & Rules

Under Threat policies, click on Anti-Spam.

From the Anti-Spam spam policy page. Select the default or custom inbound Anti-spam policy.

Edit the Anti-Spam policy, and under Select quarantine policy, Select a different quarantine policy from the drop-down list.

Summary

By default, the Microsoft 365 Security Quarantine policy allows only Global admins to manage quarantine without email notification about new emails held in quarantine.

Please contact us if you need help with your Microsoft 365 Security posture.

Contact us

For more articles about Security, visit our Wiz page. For more Microsoft 365 articles, visit this blog.