Quarantined email messages in EOP


Welcome to Microsoft Defender for Office 365, the new name for Office 365 Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, quarantine is available to hold potentially dangerous or unwanted messages.

Anti-malware policies automatically quarantine a message if any attachment is found to contain malware. For more information, see Configure anti-malware policies in EOP.

By default, anti-spam polices quarantine phishing messages, and deliver spam and bulk email messages to the user's Junk Email folder. But, you can also create and customize anti-spam policies to quarantine spam and bulk-email messages. For more information, see Configure anti-spam policies in EOP.

Both users and admins can work with quarantined messages:

  • Admins can work with all types of quarantined messages for all users. Only admins can work with messages that were quarantined as malware, high confidence phishing, or as a result of mail flow rules (also known as transport rules). For more information, see Manage quarantined messages and files as an admin in EOP.

  • Users can work with quarantined messages where they are a recipient if the message was quarantined as spam, bulk email, or (as of April 2020) phishing. For more information, see Find and release quarantined messages as a user in EOP.

    To prevent users from managing their own quarantined phishing messages, admins can configure a different action for the Phishing email filtering verdict in anti-spam policies. For more information, see Configure anti-spam policies in EOP.

  • Admins and users can report false positives to Microsoft in quarantine.

For more information about, quarantine, see Quarantine FAQ.