With 92% of the digital population using email, it is one of the most convenient forms of communication in the workplace. Since we use it on a regular basis, chances are you have received plenty of spam. Whether it’s advertising emails you never signed up for, unsolicited chain letters, hoaxes claiming you can “get rich in a week”, malware warnings with a suspicious downloadable attachment, or my personal favorite, the “for less than the price of a coffee a day you can help a Nigerian prince” money scams, there’s no denying that spam emails are extremely irritating and potentially dangerous for your users.
In this blog, you will learn how Office 365 Quarantine works and how to prevent spam from coming into your users’ inboxes.
Office 365 Quarantine
Part of an administrator’s job is to create a harmless, efficient environment for the organization. Although this may at times feel like a tiresome battle, Office 365 Quarantine assists with this by safeguarding your Outlook against spam and other unwanted messages. This quarantine stores emails in the Microsoft 365 Defender portal, preventing them from being delivered to mailboxes until your users decide to review, release, or report the mail accordingly.
Automated spam filters do a decent job of getting rid of unwanted messages, but they don’t catch everything. By setting up Office 365 Quarantine for your business, you can catch spam messages and potentially dangerous emails through custom policies.
Outlook places all quarantined messages in holding based on your organization’s settings. These additional filters give your users the ability to release the quarantined e-mails using the Security & Compliance Center, block the sender, review the e-mail, or report it. As an admin, you will have access to multiple sections, whereas your typical end-users have restricted access to only their individual Quarantine page.
You have the option to use the Quarantine default or custom policies based on your organization’s needs.
The default Office 365 Quarantine policies are an out-of-the-box way to cover the basic properties and actions that will affect your users’ environment. The default policies are always activated at the lowest priority and cannot be deleted.
Some examples of Default policies are things like the ability to block a sender, preview an email, allow recipients to release a message from quarantine, or delete a message.
Although the default Quarantine policies are a great first step, they don’t take into account your organization’s specific needs. This is where the custom policies steal the show.
You can easily create a policy that allows you to redirect messages that contain blocked, monitored, or replaced attachments to your helpdesk staff, allowing them to decide how to best deal with the emails.
These custom policies give you the ability to filter messages based on users, groups, and domains.
Accessing Quarantined Emails
Once all your policies are determined, default or customized, it’s time to access the Quarantined emails.
Your users can receive a notification, also referred to as a “spam digest email” and similar to the one below, once a day around midnight. This notification tells them that they have one or more quarantined messages and how to review them. The user is able to block senders, release, or review the messages. If the email does not get reviewed within 30 days, it will be deleted automatically from the system.
You can access your quarantine at https://protection.office.com/quarantine. However, your users may want to get a daily e-mail from Microsoft summarizing mail that has been quarantined.
The timing of these notifications cannot be reconfigured, but your users can choose to customize how many days these are sent.
How to Set Up Quarantine & Anti-Spam Policy
Now that you see the value in setting up Office 365 Quarantine, I am going to show you step-by-step how to do it. First, you’ll want to have a Quarantine Policy, and then an Anti-Spam policy that has the Quarantine Policy attached to it. This will allow your users to review all quarantined mail.
1. Navigate to https://protection.office.com
2. Scroll down to Threat Management on the left, and click “Policy”
3. Scroll down to the Rules section and click “Quarantine Policies”
4. Now on the Quarantine Policy page, click “Add custom policy”
5. Give the policy a name, such as Quarantine Notification
6. You can select the default “Limited access” option or choose “Set specific access (Advanced)”
7. As you can see, your recipients will receive options to delete, preview or block Sender for the quarantined message. The drop-down menu for release action also gives you two options:
- Allow recipients to request a message to be released from quarantine
- Allow recipients to release a message from quarantine
8. Decide which option best suits your end-users.
This is very specific for each organization. When DCG helps design this policy, we consider things like how sensitive the organization is to security threats, what has their attack history been, and whether specific users are more of a risk. Our experts also like to consider the cost of helpdesk staff having to review release requests.
9. After making your selections, click “Next.” If you wish to enable it, check the Enable option, then click next, then click “Submit.”
1. On the same page, click back to the main “Threat Policies” page
2. Under the Policies section, click Anti-spam
3. Now you can either create a new policy or edit the Anti-spam inbound policy.
4. With your policy created/selected, click on it to bring up the settings.
5. Scroll down to the Action section and click “Edit actions”
6. In the Actions section, you can choose “Quarantine message” for Spam items
7. Then, select the Quarantine Notification policy you created in the previous section and click Save/Close
8. The policy should now go into effect within a few hours.
- The quarantine notifications are sent to your users from “firstname.lastname@example.org”.
- You may want to create a contact for this address and add it to your safe-list, as well as exclude it from External Sender warning rules. This will ensure the quarantined messages aren’t sent to spam or blocked.
- The “Global settings” on the Quarantine policy page is where you can configure how often (in days) the notification goes out, as well as the logo/image Display Name of the Quarantine e-mail notifications.
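The two portal procedures above can also be scripted in Exchange Online PowerShell. The following is an added example, not part of the original post or DCG's own tooling; it assumes the ExchangeOnlineManagement module is installed, that the policy name from step 5 is used, and that the anti-spam policy being edited is the built-in inbound policy, which Exchange Online names "Default".

```powershell
# Added example: scripted equivalent of the two portal procedures above.
# Requires the ExchangeOnlineManagement module and an admin account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Name taken from step 5 of the article; change it to suit your tenant.
$policyName = 'Quarantine Notification'
# Assumption: the built-in inbound anti-spam policy ("Default").
$antiSpamPolicy = 'Default'

# End-user permission bits used by quarantine policies.
$BlockSender    = 16
$RequestRelease = 8   # recipients ask an admin to release the message
$Release        = 4   # recipients release the message themselves
$Preview        = 2
$Delete         = 1

# "Limited access" preset: block sender + request release + preview + delete = 27.
# Swap $RequestRelease for $Release to allow self-release instead (= 23).
$permissions = $BlockSender + $RequestRelease + $Preview + $Delete

# Create the quarantine policy only if it does not exist yet.
if (-not (Get-QuarantinePolicy | Where-Object Name -eq $policyName)) {
    New-QuarantinePolicy -Name $policyName `
        -EndUserQuarantinePermissionsValue $permissions `
        -ESNEnabled $true   # enable the quarantine notification e-mail
}

# Quarantine messages with a Spam verdict and attach the quarantine policy.
Set-HostedContentFilterPolicy -Identity $antiSpamPolicy `
    -SpamAction Quarantine `
    -SpamQuarantineTag $policyName

# Verify that both settings took effect.
Get-HostedContentFilterPolicy -Identity $antiSpamPolicy |
    Format-List Name, SpamAction, SpamQuarantineTag
Get-QuarantinePolicy | Where-Object Name -eq $policyName |
    Format-List Name, ESNEnabled, EndUserQuarantinePermissions*
```

Choosing between the request-release and self-release bits is the same decision described in step 8: self-release saves helpdesk time but lets a user pull a misjudged message back into the inbox without review.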
By the end of this blog, you should have a pretty good idea of how Office 365 Quarantine works and how to set it up for your organization. With a strong quarantine policy, the days of the Nigerian prince emailing your users personally will become few and far between.