MS365 Email Quarantine - email redirection

Jakub 46 Reputation points
2023-04-20T13:19:03.1866667+00:00

Hello, we're currently facing an issue with MS365 Quarantine, and with the "High Confidence Phish" (=HCP) emails in particular. Since MS has disabled all possible workarounds to prevent certain senders and domains from being marked as HCP and thus ALWAYS sent into quarantine, it seems that the only remaining option is to disable the quarantine completely.

It would be all right if the users got the daily quarantine reports including the "HCP" emails, but they aren't there at all, and we as admins don't have mailbox licenses in this particular tenant (just to save costs for the customer...), so there's no way to set admin quarantine notifications either.

Basically, some emails from a certain trustworthy domain have been falsely marked as "HCP", and even though it's very rare, the customer got a "little bit concerned" about it and would like to have the quarantine disabled completely, not willing to miss any important emails. (Murphy's laws...) And we can't even guarantee them that this particular domain / these senders will be whitelisted forever, because the whitelist cannot be set for longer than 30 days (I did report the false-positive email to MS as well).

Of course we realize the quarantine brings more good than harm, in general, and is right most of the time, but to my question:

  1. If we disable the quarantine - that is, if the command below is correct and won't bring any unexpected results or implications - we don't want to disable the entire security policy of course...
   Set-HostedContentFilterPolicy -Identity "Default" -QuarantineStatus $false
  2. Will the High Phish, Phish, SPAM emails (that would normally end up in quarantine) be delivered into the main user inboxes or the SPAM folder?
    1. The sources I've seen so far seem to be rather uneven - some claim that the emails will be delivered right to the inbox, but if ONLY the quarantine would be disabled, shouldn't the security policy still remain active, and thus the headers of incoming emails should still be marked as SPAM? (by adding the SCL attribute for example)
    2. Or is it just wishful thinking from my side and all of the above would be ignored and the emails will eventually end up in the inboxes.

Thank you
Jakub

1 answer

  1. Xuyan Ding - MSFT 7,601 Reputation points
    2023-04-21T06:59:52.8066667+00:00

    Hi @Jakub ,

    Set-HostedContentFilterPolicy -Identity "Default" -QuarantineStatus $false
    

    This command is incorrect, and it is not feasible to disable the quarantine feature in Office 365. If messages are always sent to quarantine as HCP, you can try creating a mail flow rule that sets the SCL of a message, with "message marked as spam" as the medium confidence spam action (5-6). For reference: Use mail flow rules to set the spam confidence level (SCL) in messages in Exchange Online.


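The kind of mail flow rule the answer refers to, written as an added example that is not part of the original thread or posted by either participant. The domain `partner.example` and the rule name are placeholders, and the DMARC condition and audit-mode rollout are assumptions added here so that only authenticated mail from that domain is affected.

```powershell
# Added example: placeholders and assumptions are marked in the comments.
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

$domain   = 'partner.example'                       # placeholder sender domain
$ruleName = "SCL 5 - $domain (DMARC pass only)"     # hypothetical rule name

# Create the rule in Audit mode: matches are written to the message
# tracking log, but the SCL of delivered mail is not changed yet.
New-TransportRule -Name $ruleName `
    -FromScope NotInOrganization `
    -SenderDomainIs $domain `
    -HeaderContainsMessageHeader 'Authentication-Results' `
    -HeaderContainsWords 'dmarc=pass' `
    -SetSCL 5 `
    -Mode Audit `
    -Comments 'Scoped to one domain and to DMARC-authenticated mail only.'

# Confirm the stored conditions and action match what was intended.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, SenderDomainIs,
                HeaderContainsMessageHeader, HeaderContainsWords, SetSCL

# Show what the anti-spam policy does per verdict. SCL 5-6 maps to the
# "Spam" verdict, so SpamAction (for example MoveToJmf or Quarantine)
# decides whether such mail goes to Junk Email or to quarantine.
Get-HostedContentFilterPolicy -Identity 'Default' |
    Format-List Name, SpamAction, HighConfidenceSpamAction,
                PhishSpamAction, HighConfidencePhishAction

# After reviewing the audit matches in message trace, switch the rule on:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```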