Quarantined messages FAQ

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to

This topic provides frequently asked questions and answers about quarantined email messages for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.

For questions and answers about anti-spam protection, see Anti-spam protection FAQ.

For questions and answers about anti-malware protection, see Anti-malware protection FAQ.

For questions and answers about anti-spoofing protection, see Anti-spoofing protection FAQ.

How do I manage messages that were quarantined for malware?

Only admins can manage messages that were quarantined for malware. For more information, see Manage quarantined messages and files as an admin.

How do I quarantine spam?

By default, messages that are classified as spam or bulk email by spam filtering are delivered to the user's mailbox, and are moved to the Junk Email folder. But you can create and configure anti-spam policies to quarantine spam or bulk email messages instead. For more information, see Configure anti-spam policies in EOP.

How do I give users access to the quarantine?

A user must have a valid account to access their own messages in quarantine. Standalone EOP requires that users are represented as mail users in EOP (manually created or created via directory synchronization). For more information about managing users in standalone EOP environments, see Manage mail users in EOP.

What messages can end users access in quarantine?

Users can access spam, bulk email, and (as of April 2020) phishing messages where they are a recipient. End users can't access quarantined malware, high confidence phishing, or messages that were quarantined because of the Deliver the message to the hosted quarantine action in mail flow rules (also known as transport rules). For more information about users accessing quarantined messages, see Find and release quarantined messages as a user.

How long are messages kept in the quarantine?

You configure how long spam, phishing, and bulk email messages are kept in the quarantine by using anti-spam policies. The default is 30 days, which is also the maximum. For more information, see Configure anti-spam policies in EOP.

For messages that were quarantined by the mail flow rule action Deliver the message to the hosted quarantine, the messages are kept in quarantine for 30 days. You can't configure this duration.

After the time period expires, the messages are deleted and are not recoverable.

Can I release or report more than one quarantined message at a time?

In the Security & Compliance Center, you can select and release up to 100 messages at a time.

Admins can use the Get-QuarantineMessage and Release-QuarantineMessage cmdlets in Exchange Online PowerShell or standalone EOP PowerShell to find and release quarantined messages in bulk, and to report false positives in bulk.

Are wildcards supported when searching for quarantined messages? Can I search for quarantined messages for a specific domain?

Wildcards aren't supported in the Security & Compliance Center. For example, when searching for a sender, you need to specify the full email address. But you can use wildcards in Exchange Online PowerShell or standalone EOP PowerShell.

For example, copy the PowerShell code shown further below into Notepad and save the file as .ps1 in a location that's easy for you to find (for example, C:\Data\QuarantineRelease.ps1).

Then, after you connect to Exchange Online PowerShell or Exchange Online Protection PowerShell, run the following command to run the script:

& C:\Data\QuarantineRelease.ps1

The script does the following actions:

  • Find unreleased messages that were quarantined as spam from all senders in the fabrikam domain. The maximum number of results is 50,000 (50 pages of 1000 results).
  • Save the results to a CSV file.
  • Release the matching quarantined messages to all original recipients.

$Page = 1
$List = $null

Do
{
    Write-Host "Getting page $Page"

    # Keep only unreleased spam whose sender address ends in @fabrikam.com.
    # The "@" anchors the match so that look-alike domains such as notfabrikam.com are excluded.
    $List = @(Get-QuarantineMessage -Type Spam -PageSize 1000 -Page $Page | where {$_.Released -like "False" -and $_.SenderAddress -like "*@fabrikam.com"})
    Write-Host "  $($List.Count) rows in this page match"
    Write-Host "  Exporting list to appended CSV for logging"
    $List | Export-Csv -Path "C:\Data\Quarantined Message Matches.csv" -Append -NoTypeInformation

    Write-Host "Releasing page $Page"
    $List | foreach {Release-QuarantineMessage -Identity $_.Identity -ReleaseToAll}

    $Page = $Page + 1

# Stop once page 50 has been processed (50 pages of 1000 results).
} Until ($Page -gt 50)

After you release a message, you can't release it again.
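
A `-like` pattern such as `*fabrikam.com` also matches senders at look-alike domains, and a release can't be repeated or undone from the script, so it helps to preview the match set first. The following is an added example, not part of the original article: `Select-BySenderDomain` is a hypothetical helper, and the sample identities and addresses are constructed so that the comparison runs offline.

```powershell
# Added example; Select-BySenderDomain is a hypothetical helper, not an Exchange cmdlet.
function Select-BySenderDomain {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Message,
        [Parameter(Mandatory)] [string] $Domain,
        [switch] $IncludeSubdomains
    )
    process {
        # Released may arrive as a Boolean or as text, so compare its string form.
        if ("$($Message.Released)" -eq 'True') { return }
        $address = [string]$Message.SenderAddress
        $at = $address.LastIndexOf('@')
        if ($at -lt 1) { return }   # no local part or no "@" at all
        $senderDomain = $address.Substring($at + 1).TrimEnd('.')
        $exact = $senderDomain -ieq $Domain
        $sub = $IncludeSubdomains -and
            $senderDomain.EndsWith(".$Domain", [StringComparison]::OrdinalIgnoreCase)
        if ($exact -or $sub) { $Message }
    }
}

# Constructed sample rows carrying only the properties the page's script reads.
$sample = @(
    [pscustomobject]@{ Identity = 'sample-1'; SenderAddress = 'billing@fabrikam.com';   Released = $false }
    [pscustomobject]@{ Identity = 'sample-2'; SenderAddress = 'promo@notfabrikam.com';  Released = $false }
    [pscustomobject]@{ Identity = 'sample-3'; SenderAddress = 'news@mail.fabrikam.com'; Released = $false }
    [pscustomobject]@{ Identity = 'sample-4'; SenderAddress = 'alerts@fabrikam.com';    Released = $true  }
    [pscustomobject]@{ Identity = 'sample-5'; SenderAddress = 'x@fabrikam.com.example'; Released = $false }
)

# Unanchored wildcard: any address that merely ends in the text "fabrikam.com".
$loose = $sample | Where-Object { $_.Released -like 'False' -and $_.SenderAddress -like '*fabrikam.com' }

# Exact domain comparison, with subdomains as an explicit opt-in.
$strict     = $sample | Select-BySenderDomain -Domain 'fabrikam.com'
$strictSubs = $sample | Select-BySenderDomain -Domain 'fabrikam.com' -IncludeSubdomains

"Loose wildcard      : $($loose.Identity -join ', ')"
"Exact domain        : $($strict.Identity -join ', ')"
"Exact + subdomains  : $($strictSubs.Identity -join ', ')"
```

Against live data, pipe the output of `Get-QuarantineMessage -Type Spam -PageSize 1000 -Page $Page` into the helper and review the result before passing it to `Release-QuarantineMessage`.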