Understanding Quarantined Emails


Introduction

This article describes:

  • What quarantined emails are
  • How you are notified about quarantined emails
  • What actions you can take for quarantined emails
  • What is done when a release request is received from you

Explanation

What are quarantined emails?

When Exchange Online detects a message that is likely to be harmful, it isolates the message in a separate location, called quarantine, instead of delivering it to your mailbox. This is what the Quarantine feature in Microsoft 365 does. Messages are quarantined because they contain malware detected by anti-malware policies or Safe Attachments policies, or because anti-spam policies identified them as high confidence phishing. This feature works on both individual mailboxes and shared mailboxes (e.g., PACE accounts).

For more information, see Microsoft's Use quarantine notifications to release and report quarantined messages page.

What is done with quarantined emails?

Exchange Online puts them in Quarantine. After that, the recipient gets an email message like this one.

Image of the above instructions

What can I do with quarantined messages?

You can review and manage your messages in quarantine by accessing them directly. The quarantine location is available with your Virginia Tech Hokies credentials at the Microsoft quarantine page. If you have doubts about a quarantined message, seek guidance from your IT department before acting.

Actions you can take:

  • Release
  • Block
  • Delete
  • Preview

Release

Releasing a quarantined message removes it from quarantine and delivers it to your Inbox. If a message was quarantined because malware was detected in it, you need approval from the relevant security team before you can release it, to make sure IT systems are safe and secure.

When releasing messages from your quarantine, please exercise caution and consider the following points:

  • Verification: Before releasing any quarantined message, verify its legitimacy. Ensure that it is from a trusted sender and does not contain suspicious links or attachments.
  • Malware detection: If a message was initially quarantined due to malware detection, refrain from releasing it directly. Malicious attachments or links could compromise your system’s security. Instead, report it to your IT support team for further analysis.
  • Phishing awareness: Be cautious of messages that appear urgent or ask for sensitive information. Phishing emails often mimic legitimate communications. If in doubt, seek confirmation from the sender through an alternative channel (e.g., phone call) before releasing the message.
  • Unfamiliar senders: Be wary of messages from unfamiliar senders. Cybercriminals often impersonate trusted entities. If you receive an unexpected email, verify its authenticity before releasing it.
  • Attachments: Even if a message seems harmless, exercise caution with attachments. Scan them for malware using reliable antivirus software before releasing them.
  • Links: Hover over links in the message to check their destination. Avoid clicking on suspicious or unexpected links. If unsure, consult your IT team.

Block

This action adds the sender to your Blocked Senders list, which prevents all future messages from this sender. It also deletes the email and any attachments and removes it from quarantine.

Delete

This action deletes the email and any attachments and removes it from quarantine.

Preview

This option lets you safely see what the message contains. However, it will not show you the attachments. Based on the information you see in the preview, you can choose a suitable action for the message.

How are release requests handled?

The Division of IT evaluates release requests twice a day during normal business hours. The email will be released back to you unless it is determined that the email or its attachments are malicious. If it is released, you are responsible for evaluating the validity of the items. You can use the article, Identifying Malicious Emails, to help you evaluate the messages.

The evaluated messages that are determined to be legitimate business emails are reported to Microsoft to prevent quarantining in the future.