The default policy means no notifications and the user has full access:
You can create custom policies as well of course
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have noticed this new antispam quarantine option in Action.
Just to double check the defaultfullaccesspolicy option means the user:
1) will be notified that an email has been blocked and present in quarantine (will the frequency be immediate or one per day???)
2) can access the quarantine to look at the email filtered.
The default policy means no notifications and the user has full access:
You can create custom policies as well of course
To create a custom policy simply follow these steps and enable notifications:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide#step-1-create-quarantine-policies-in-the-microsoft-365-defender-portal
You may not have the built-in default notification policy in your tenant:
Sorry, misunderstood you. The notifications you set in the anti-spam policy apply to messages deemed as phish in the anti-spam policy, not the anti-phishing specific policy itself. Hope that makes sense.
So , in other words, if you have these set, they will apply to any message that is in the quarantine - except messages blocked by a transport rule or malware
Hi Andy,
checking today in anti-phishing and anti-malware I found the custom quarantine policy I have crated.
Very strange, I have refreshed several times and re-logged. Maybe it takes more time to be applied there.