Quarantine Management

20 mins

Understanding the Concept

The quarantine in Exchange Online holds messages that were caught by EOP or Defender policies. Admins can review, release, or delete quarantined messages. Quarantine policies define what end users can do with their quarantined messages.

Quarantine notifications inform users about quarantined messages, allowing them to request release without admin intervention. Custom quarantine policies can be created to control user permissions per detection type.

Message trace combined with quarantine review is the primary workflow for investigating why legitimate messages were blocked and creating appropriate overrides.
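The quarantine half of that workflow, sketched in Exchange Online PowerShell as an added example (it is not part of the original lesson). The sender address, the 7-day look-back window, the 14-day allow-entry lifetime and the notes text are assumed placeholder values, and the session is assumed to be connected already with Connect-ExchangeOnline.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an admin
# session opened with Connect-ExchangeOnline.
$Sender = 'billing@partner.example'   # placeholder: sender reported as a false positive
$Window = @{
    SenderAddress     = $Sender
    StartReceivedDate = (Get-Date).AddDays(-7)   # assumed look-back window
    EndReceivedDate   = Get-Date
}

# 1. See what is held for this sender, which policy caught it, and when it expires.
$held = Get-QuarantineMessage @Window
$held | Sort-Object ReceivedTime |
    Format-Table ReceivedTime, RecipientAddress, Subject, Type, PolicyName, Expires, ReleaseStatus -AutoSize

# 2. Inspect the headers of a held message before deciding it is legitimate.
if ($held) {
    Get-QuarantineMessageHeader -Identity ($held | Select-Object -First 1).Identity
}

# 3. Release only spam and bulk verdicts. Phishing and malware verdicts stay in
#    quarantine for separate review instead of being released in bulk.
#    -WhatIf shows what would be released; remove it once the list looks right.
Get-QuarantineMessage @Window -QuarantineTypes Spam, Bulk |
    Release-QuarantineMessage -ReleaseToAll -WhatIf

# 4. Record the override in the Tenant Allow/Block List with an expiry and a note,
#    so the exception is time-boxed and traceable to this investigation.
$allow = @{
    ListType       = 'Sender'
    Allow          = $true
    Entries        = $Sender
    ExpirationDate = (Get-Date).AddDays(14)      # assumed lifetime for the allow entry
    Notes          = 'False positive confirmed after quarantine review'  # placeholder text
}
New-TenantAllowBlockListItems @allow
```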

Key Points

Quarantine holds spam, phishing, malware, and rule-blocked messages
Quarantine policies control end-user permissions
Admins can release, preview, and download quarantined messages
Quarantine notifications inform users of held messages
Messages are automatically deleted after 30 days (default)
Tenant Allow/Block List creates overrides for false positives

Why This Matters

Quarantine management balances security with business productivity. Too many false positives frustrate users, while insufficient review may allow threats through. Proper quarantine management ensures legitimate email is delivered while threats are blocked.

Common Mistakes to Avoid

Not reviewing quarantine regularly, so legitimate business emails are missed
Giving users too much quarantine control, which allows them to release phishing messages
Not creating allow list entries for known false positives

Interview Discussion Points

💡 Describe your quarantine management workflow
💡 Explain how to investigate and resolve false positive detections
💡 Discuss quarantine policy customization for different user groups

MS-203 Exam Tips

📝 Know quarantine retention periods and automatic deletion behavior
📝 Understand quarantine policy permissions and how to customize them
📝 Be familiar with the process for releasing quarantined messages and creating overrides