Quarantined messages FAQ

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. Refer to the Applies To section and look for specific call outs in this article where there might be differences.

Applies to

This topic provides frequently asked questions and answers about quarantined email messages for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.

For questions and answers about anti-spam protection, see Anti-spam protection FAQ.

For questions and answers about anti-malware protection, see Anti-malware protection FAQ.

For questions and answers about anti-spoofing protection, see Anti-spoofing protection FAQ.

How do I manage messages that were quarantined for malware?

Only admins can manage messages that were quarantined for malware. For more information, see Manage quarantined messages and files as an admin.

How do I quarantine spam?

By default, messages that are classified as spam or bulk email by spam filtering are delivered to the user's mailbox, and are moved to the Junk Email folder. But you can create and configure anti-spam policies to quarantine spam or bulk email messages instead. For more information, see Configure anti-spam policies in EOP.

How do I give users access to the quarantine?

A user must have a valid account to access their own messages in quarantine. Standalone EOP requires that users are represented as mail users in EOP (manually created or created via directory synchronization). For more information about managing users in standalone EOP environments, see Manage mail users in EOP.

What messages can end users access in quarantine?

Users can access spam, bulk email, and (as of April 2020) phishing messages where they are a recipient. End users can't access quarantined malware, high confidence phishing, or messages that were quarantined because of the Deliver the message to the hosted quarantine action in mail flow rules (also known as transport rules). For more information about users accessing quarantined messages, see Find and release quarantined messages as a user.

How long are messages kept in the quarantine?

You configure how long spam, phishing, and bulk email messages are kept in the quarantine by using anti-spam policies. The default is 30 days, which is also the maximum. For more information, see Configure anti-spam policies in EOP.

For messages that were quarantined by the mail flow rule action Deliver the message to the hosted quarantine, the messages are kept in quarantine for 30 days. You can't configure this duration.

After the time period expires, the messages are deleted and are not recoverable.

Can I release or report more than one quarantined message at a time?

In the Security & Compliance Center, you can select and release up to 100 messages at a time.

Admins can use the Get-QuarantineMessage and Release-QuarantineMessage cmdlets in Exchange Online PowerShell or standalone EOP PowerShell to find and release quarantined messages in bulk, and to report false positives in bulk.

Are wildcards supported when searching for quarantined messages? Can I search for quarantined messages for a specific domain?

Wildcards aren't supported in the Security & Compliance Center. For example, when searching for a sender, you need to specify the full email address. But you can use wildcards in Exchange Online PowerShell or standalone EOP PowerShell.

For example, copy the following PowerShell code into Notepad and save the file as .ps1 in a location that's easy for you to find (for example, C:\Data\QuarantineRelease.ps1).

Then, after you connect to Exchange Online PowerShell or Exchange Online Protection PowerShell, run the following command to run the script:

& C:\Data\QuarantineRelease.ps1

The script does the following actions:

  • Find unreleased messages that were quarantined as spam from all senders in the fabrikam domain. The maximum number of results is 50,000 (50 pages of 1000 results).
  • Save the results to a CSV file.
  • Release the matching quarantined messages to all original recipients.
$Page = 1
$List = $null

Do
{
    Write-Host "Getting Page " $Page

    # Keep only unreleased spam from senders at fabrikam.com. The "@" anchors the
    # pattern to the domain; "*fabrikam.com" would also match look-alike domains
    # such as notfabrikam.com.
    $List = (Get-QuarantineMessage -Type Spam -PageSize 1000 -Page $Page | where {$_.Released -like "False" -and $_.SenderAddress -like "*@fabrikam.com"})
    Write-Host "                     " $List.count " rows in this page match"
    Write-Host "                                                             Exporting list to appended CSV for logging"
    $List | Export-Csv -Path "C:\Data\Quarantined Message Matches.csv" -Append -NoTypeInformation

    Write-Host "Releasing page " $Page
    $List | foreach {Release-QuarantineMessage -Identity $_.Identity -ReleaseToAll}

    $Page = $Page + 1

    # Stop only after page 50 has been processed (50 pages of 1000 results).
} Until ($Page -gt 50)

After you release a message, you can't release it again.
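Because a bulk release delivers every message the sender filter matches, it is worth checking what a wildcard pattern actually selects before running it. The following is an added example, not part of the original article: it compares a trailing-wildcard -like pattern with an exact domain check on constructed sample data. The function name Test-SenderInDomain and all addresses are hypothetical.

```powershell
# Added example. Test-SenderInDomain is a hypothetical helper, and the sample
# objects below are constructed stand-ins for Get-QuarantineMessage output.
function Test-SenderInDomain {
    param(
        [Parameter(Mandatory)] [string] $SenderAddress,
        [Parameter(Mandatory)] [string] $Domain,
        [switch] $IncludeSubdomains
    )
    # Everything after the last "@" is the sender's domain.
    $at = $SenderAddress.LastIndexOf('@')
    if ($at -lt 1 -or $at -eq $SenderAddress.Length - 1) { return $false }
    $senderDomain = $SenderAddress.Substring($at + 1).TrimEnd('.').ToLowerInvariant()
    $wanted = $Domain.TrimEnd('.').ToLowerInvariant()

    if ($senderDomain -eq $wanted) { return $true }
    # A real subdomain ends with ".<domain>"; the leading dot is what rejects
    # look-alike names such as notfabrikam.com.
    $isSubdomain = $senderDomain.EndsWith(".$wanted", [System.StringComparison]::Ordinal)
    return ($IncludeSubdomains.IsPresent -and $isSubdomain)
}

# Constructed sample data (not real quarantine entries).
$Sample = @(
    [pscustomobject]@{ SenderAddress = 'alice@fabrikam.com';            Released = $false }
    [pscustomobject]@{ SenderAddress = 'bob@mail.fabrikam.com';         Released = $false }
    [pscustomobject]@{ SenderAddress = 'carol@notfabrikam.com';         Released = $false }
    [pscustomobject]@{ SenderAddress = 'dave@fabrikam.com.example.net'; Released = $false }
    [pscustomobject]@{ SenderAddress = 'erin@fabrikam.com';             Released = $true  }
)

# Show, per unreleased message, which filter would select it for release.
$Sample | Where-Object { -not $_.Released } | ForEach-Object {
    [pscustomobject]@{
        SenderAddress  = $_.SenderAddress
        TrailingWild   = $_.SenderAddress -like '*fabrikam.com'
        AtAnchoredWild = $_.SenderAddress -like '*@fabrikam.com'
        ExactDomain    = Test-SenderInDomain -SenderAddress $_.SenderAddress -Domain 'fabrikam.com'
        WithSubdomains = Test-SenderInDomain -SenderAddress $_.SenderAddress -Domain 'fabrikam.com' -IncludeSubdomains
    }
} | Format-Table -AutoSize
```

The same check can replace the -like test inside the where block of a release script once the table shows only the intended senders.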