Help with Microsoft Defender Quarantine - Allowing Secure Emails After Review

Larry Shockey 20 Reputation points
2024-10-04T22:47:28.2766667+00:00

Hi everyone, I’m having trouble with Microsoft Defender for Office 365, specifically related to releasing a secure email from quarantine. The email has been identified as safe, but it's still being blocked. Here are the steps I’ve already taken to resolve the issue:

  1. Reviewed the Quarantine Section: I accessed the quarantine section in the Microsoft 365 Defender portal and attempted to release the email manually.
  2. Added the Sender to the Allow List: I added the sender’s domain and email address to the Safe Senders list in the Anti-Spam policy.
  3. Checked the Policies: I verified that the email met all criteria in the Email & Collaboration policies for not being quarantined.
  4. Adjusted Filters: I adjusted some filters in the Anti-Phishing policy to be more lenient regarding this specific sender and secure emails.
  5. Double-Checked Rules: Ensured that no custom rules or transport rules were set up that might be affecting this sender’s emails.

Despite taking these steps, the email continues to be quarantined, and I'm unsure what else could be causing the issue. Could anyone provide insight into what I might be missing or suggest any additional steps I can take to allow this email to pass through without being blocked in the future?

Thank you so much for your help!

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,163 questions
Windows 365 Business
Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
5,293 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,595 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,420 questions
{count} votes

Accepted answer
  1. SUNOJ KUMAR YELURU 14,466 Reputation points MVP
    2024-10-05T02:11:51.69+00:00

    Hello @Larry Shockey

    You can add the sender's address to the safe senders list to prevent future issues.

    Step 1: Access Microsoft Defender Portal

    Log in to the Microsoft 365 Defender portal using your administrator credentials. This is where you can manage security settings and view quarantined emails.

    Step 2: Navigate to Quarantine

    Once logged in, go to the "Email & collaboration" section. From there, select "Quarantine" to view all emails that have been flagged and quarantined.

    Step 3: Locate the Email

    In the quarantine list, search for the specific email you want to release. You can use filters or search options to find it quickly, such as by sender, subject, or date.

    Step 4: Review Email Details

    Click on the email to view its details. Ensure that it has been marked as safe and check the reason for its quarantine. This will help confirm that it is indeed safe to release.

    Step 5: Release the Email

    If you confirm the email is safe, select the option to "Release message." This will typically prompt you to confirm the action. Make sure to select any additional options, such as notifying the recipient.

    Step 6: Adjust Policies (if necessary)

    If the email continues to be blocked after release, you may need to adjust your organization's policies. Go to the "Policies" section and review settings related to spam filtering or safe senders. You can add the sender's address to the safe senders list to prevent future issues.


    If the Answer is helpful, please click Accept Answer and Up-Vote, so that it can help others in the community looking for help on similar topics.


1 additional answer

Sort by: Most helpful
  1. Bruce Jing-MSFT 5,870 Reputation points Microsoft Vendor
    2024-10-14T01:36:16.5433333+00:00

    Hi,@Larry Shockey

    It's nice to hear back from you.

    Great to know that the issue has already been resolved and thanks for sharing the solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer : )     

    --------------   

    Issue Symptom: 

    Release a secure email from quarantine that has been determined to be secure but is still blocked.

    Here's what has been tried, but the problem still hasn't been fixed.

    1. Reviewed the Quarantine Section
    2. Added the Sender to the Allow List
    3. Checked the Policies
    4. Adjusted Filters
    5. Double-Checked Rules

    Resolution: 

    Add Domain to Safe Domains List in Exchange Admin Center (EAC)

     

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.