Release-QuarantineMessage

This cmdlet is available only in the cloud-based service. Use the Release-QuarantineMessage cmdlet to release messages from quarantine in your cloud-based organization. You can release messages to all original recipients, or to specific recipients. For files that are protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and Microsoft Teams, you can unblock the files in the respective team sites and document libraries by using the Release-QuarantineMessage cmdlet so users can access, share, and download the files. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).

Syntax

Release-QuarantineMessage
       -Identities <QuarantineMessageIdentity[]>
       [-Identity <QuarantineMessageIdentity>]
       [-AllowSender]
       [-Confirm]
       [-Force]
       [-ReportFalsePositive]
       [-WhatIf]
       [<CommonParameters>]
Release-QuarantineMessage
       [-Identities <QuarantineMessageIdentity[]>]
       [-Identity <QuarantineMessageIdentity>]
       [-ReleaseToAll]
       [-AllowSender]
       [-Confirm]
       [-Delete]
       [-Force]
       [-ReportFalsePositive]
       [-WhatIf]
       [<CommonParameters>]
Release-QuarantineMessage
       [-Identities <QuarantineMessageIdentity[]>]
       [-Identity <QuarantineMessageIdentity>]
       -User <String[]>
       [-AllowSender]
       [-Confirm]
       [-Force]
       [-ReportFalsePositive]
       [-WhatIf]
       [<CommonParameters>]
Release-QuarantineMessage
       -Identity <QuarantineMessageIdentity>
       [-AllowSender]
       [-Confirm]
       [-Force]
       [-ReportFalsePositive]
       [-WhatIf]
       [<CommonParameters>]

Description

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://technet.microsoft.com/library/mt432940.aspx).

Examples

-------------------------- Example 1 --------------------------

Get-QuarantineMessage -MessageID "<5c695d7e-6642-4681-a4b0-9e7a86613cb7@contoso.com>" | Release-QuarantineMessage -User julia@contoso.com

This example uses the Get-QuarantineMessage cmdlet to release the quarantined message with the Message-ID value <5c695d7e-6642-4681-a4b0-9e7a86613cb7@contoso.com> to an original recipient julia@contoso.com.

-------------------------- Example 2 --------------------------

Release-QuarantineMessage -Identity c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7 -ReleaseToAll

This example releases the quarantined message with the specified Identity value to all original recipients.

-------------------------- Example 3 --------------------------

Get-QuarantineMessage | Release-QuarantineMessage -ReleaseToAll

This example releases all messages to all original recipients.

-------------------------- Example 4 --------------------------

$q = Get-QuarantineMessage -QuarantineTypes SPOMalware; $q[-1] | Release-QuarantineMessage -Organization -ReleaseToAll

This example releases a file that was quaranantined as part of Office 365 Advanced Threat Protection. The first command stores all SharePoint Online, OneDrive for Business and Microsoft Teams quarantined files in the variable $q. The second command releases the last file in the list. For more information about elements in arrays and index numbers, see Accessing and Using Array Elements (https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_arrays#accessing-and-using-array-elements).

Required Parameters

-Identities

The Identities parameter identifies quarantined messages for bulk operations. You identify the messages by using the syntax: value1,value2,...valueN. The value is a unique quarantined message identifier in the format GUID1\GUID2 (for example c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7).

You can find the identity value for a quarantined message by using the Get-QuarantineMessage cmdlet.

When you use this parameter, the Identity parameter is required, but the value is ignored. For example, use the value 000 for the Identity parameter.

Type:QuarantineMessageIdentity[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-ReleaseToAll

The ReleaseToAll switch releases the quarantined message to all original recipients. You don't have to specify a value with this switch.

This parameter is required for the quarantine type SPOMalware.

If you previously used the User parameter or the ReleaseToAll switch to release the quarantined message to some or all of the original recipients, those recipients are skipped when you use the ReleaseToAll parameter again. You don't have to specify a value with the ReleaseToAll switch.

You can't use the ReleaseToAll switch and the User parameter in the same command.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-User

The User parameter specifies the email address of the user to whom you want to release the quarantined message. You can specify multiple email addresses separated by commas.

You can use this parameter to release the message to recipients of the original message, or to any other email addresses in the organization.

If you previously used the ReleaseToAll switch to release the quarantined message to all original recipients, and you later release the message again with the User parameter, any original recipients you specify with the User parameter are skipped.

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

Optional Parameters

-AllowSender

The AllowSender switch specifies that all future messages from the sender won't be quarantined. You don't need to specify a value with this switch.

If the message was quarantined because of a transport rule or blocked sender, messages from the sender can still be blocked in the future.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.

  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Delete

This parameter has been deprecated and is no longer used.

To delete quarantined messages, use the Delete-QuarantineMessage cmdlet.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Force

The Force switch specifies whether to attempt the re-release of previously released messages from quarantine. You don't need to specify a value with this switch.

You need to use this switch whenever you attempt to re-release previously released messages from quarantine.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Identity

The Identity parameter specifies the quarantined message that you want to release. The value is a unique quarantined message identifier in the format GUID1\GUID2 (for example c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7).

You can find the Identity value for a quarantined message by using the Get-QuarantineMessage cmdlet.

Type:QuarantineMessageIdentity
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-ReportFalsePositive

The ReportFalsePositive switch sends a notification message indicating the specified message was not spam. You don't need to specify a value with this switch.

This switch is only available for quarantined spam messages.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-WhatIf

The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

Inputs

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?linkId=616387). If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Outputs

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?linkId=616387). If the Output Type field is blank, the cmdlet doesn't return data.