Objective:


Explains how to review and release emails that have been quarantined by Microsoft Defender for Office 365, allowing users to retrieve legitimate emails mistakenly marked as spam or phishing.


Steps:

Step 1: Access the Quarantine Portal

  1. Go to the Microsoft 365 Quarantine Page:

  2. Sign in with Your Office 365 Account:

    • Enter your Microsoft 365 email address and password.
    • If Multi-Factor Authentication (MFA) is enabled, follow the verification steps.

Step 2: Review Quarantined Emails

  1. Filter the Emails:

    • By default, the quarantine page shows all messages flagged as Spam, Phishing, or Malware.
    • Use the filter options at the top of the page to adjust the view based on:
      • Message Type (Spam, Phishing, Bulk, or Malware)
      • Date Range
      • Sender Email Address
  2. Check Email Details:

    • Click on a quarantined email to view more details, including:
      • Subject Line
      • Sender Address
      • Reason for Quarantine
      • Message Header Information

Step 3: Release a Quarantined Email

  1. Select the Email to Release:

    • Click the checkbox next to the email(s) you want to release.
  2. Click the ‘Release’ Button:

    • At the top of the page, click Release email.
    • A prompt will appear asking if you want to:
      • Report message as having no threats (if the email was wrongly marked as spam/phishing).
  3. Choose Whether to Report:

    • If you trust the sender, click Report message as having no threats to improve filtering accuracy.
    • If you are unsure whether to report, proceed with the release without reporting.
  4. Confirm the Action:

    • Click Release message to send the email to your inbox.

Step 4: Allow the Sender (Optional)

  1. Open the Quarantined Email Details:

    • If you frequently receive legitimate emails from a sender who gets quarantined, click on the three dots and select Allow sender.
  2. Add to Safe Senders List:

    • This helps prevent future emails from this sender from being quarantined.
    • Emails from allowed senders will be delivered directly to your inbox.

Step 5: Report Suspicious Emails (If Needed)

  • If you find an email that is malicious, phishing, or contains suspicious attachments/links, DO NOT release it.
  • Instead, click Report Message and choose Report phishing or Report malware to help Microsoft improve email security.

Tips:

  • Check Quarantine Regularly: Some quarantined messages automatically expire after 30 days and cannot be recovered.
  • Use the Microsoft Defender Email Notification: If your organisation has enabled it, you may receive a daily Quarantine Summary Email allowing you to review and release messages directly from your inbox.
  • Admin Assistance: If an important email is missing and not in quarantine, your IT team can check deeper logs using the Microsoft Defender Security Portal.
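
For IT teams, the filter, review and release flow in Steps 2 and 3 can also be run from Exchange Online PowerShell. The script below is an added example, not part of the original guide. It assumes the ExchangeOnlineManagement module is installed, that Connect-ExchangeOnline has already been run with an account permitted to manage quarantine, and it uses a constructed sender address and a 7-day window.

```powershell
# Added example: review and release quarantined spam for one sender.
# Assumes an existing Connect-ExchangeOnline session.

$sender = 'billing@example.com'      # constructed sample sender, replace with the real one
$since  = (Get-Date).AddDays(-7)     # date range chosen for this example

# Step 2 (Filter the Emails): message type, date range and sender address.
# This example looks at spam only and skips anything already released.
$held = Get-QuarantineMessage -QuarantineTypes Spam `
            -SenderAddress $sender `
            -StartReceivedDate $since `
            -EndReceivedDate (Get-Date) `
            -ReleaseStatus NotReleased

if (-not $held) {
    Write-Host "No unreleased quarantined spam from $sender since $since."
    return
}

# Step 2 (Check Email Details): list what is held and when each item expires.
$held | Sort-Object ReceivedTime |
    Format-Table ReceivedTime, SenderAddress, Subject, Type, Expires -AutoSize

foreach ($msg in $held) {
    # Show the message header information before deciding anything.
    Get-QuarantineMessageHeader -Identity $msg.Identity | Format-List

    # Nothing is released without an explicit "y" for that specific message.
    $answer = Read-Host "Release '$($msg.Subject)' and report it as having no threats? [y/N]"
    if ($answer -ne 'y') {
        Write-Host "Left in quarantine: $($msg.Identity)"
        continue
    }

    # Step 3: release to the original recipients and report the false positive.
    Release-QuarantineMessage -Identity $msg.Identity -ReleaseToAll -ReportFalsePositive
    Write-Host "Released: $($msg.Identity)"
}
```

The per-message prompt keeps the same decision point as the portal: anything that looks malicious stays in quarantine and is reported as described in Step 5.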