Quarantined Email Notifications Overview
Introduction
The quarantine email notification is a message you will receive daily to inform you about potentially dangerous emails that have been quarantined. If no emails were quarantined, you won’t receive this notification. It’s essential to stay informed about any potentially blocked or suspicious emails.
What is Microsoft Defender’s Quarantine?
Defender’s quarantine feature enhances Outlook’s security by safeguarding users from harmful and unwanted emails. It automatically quarantines suspicious emails until the user can review them and request from the Security team to release it if it looks safe.
What is the difference between the Microsoft Quarantine and the Junk Email folder?
The Junk Email folder is designed for messages categorized as spam like advertisements, whereas the Quarantine aims to prevent harmful emails from reaching your inbox like Phishing or emails containing malware.
What is the difference between the Microsoft Quarantine portal and the Quarantine folder in Outlook?
The Microsoft Quarantine portal is not visible through your inbox. The Quarantine folder which is visible in your mailbox is linked to the KnowBe4 Phish Alert Button, which we use to report phishing emails.
When an email is reported as a potential phishing email and it appears to be malicious, it is automatically moved from the recipient’s inbox to the Quarantine folder in your mailbox. The FCDC security team then reviews the quarantined message to determine if it is indeed a phishing attempt:
If confirmed to be a phish, the message is permanently deleted from all mailboxes.
If the message is deemed safe, it is returned to the original inboxes.
Therefore, there is no need for you to review the messages in this folder.
Please avoid opening any emails in the Outlook Quarantine folder, as they can still pose a risk. Typically, the quarantine folder will be empty, but occasionally you might see a message in there since the review process is not instantaneous.
What does the quarantine notification email look like?
You’ll receive the quarantine notification email from FCDC-SecurityTeam and it will contain the following information:
The number of messages that are being held
Details about the prevented messages such as the sender’s email, the subject and the date it was sent.
Option to Review message: Selecting this action takes you to the quarantine portal to view the message.
Option to Request release: clicking this allows recipients to request a message to be released from quarantine and it’ll redirect you to a page letting you know your request was initiated.
The security team will then review the request and release the email to the recipient’s email if it is safe.
How do I preview the contents of the actual message?
To see the actual email that’s been quarantined, follow these steps:
Click Review Message in the Quarantine email notification which will take you to the Quarantine portal
Select the message to preview
Click Preview message
You can also click on Preview message in the flyout that appears on the right
Review the actual message
Why are these notifications important?
Even though Microsoft continually enhances its detection method, expected harmless emails may occasionally end up in the Quarantine. Recipients usually realize this when they notice an email that they were expecting is missing from their inbox. With this notification, users will be made aware of the suspicious emails being sent to them as well as being able to catch misidentified emails so they can request to get them released.
How often will I receive an email notification to check my quarantine?
You will receive daily notifications but can check your quarantined messages at any time by visiting the Quarantine portal. Once you review a message, you won’t receive another email notification for it.
How long do messages stay in Quarantine?
Quarantine messages will be available for 15 days. After 15 days, these emails will expire and cannot be reviewed or released anymore, that is why we recommend that you to check your quarantine regularly.
If an email is incorrectly quarantined by Microsoft Defender, what's the process to get it released?
If an email is mistakenly quarantined by Microsoft Defender, here’s the improved process to get it released:
Review the Message: First, carefully examine the quarantined email by clicking on Review Message in the notification email.
Request Release: Next, request the release of the email by clicking on Request Release.
Security Team Review: The security team will review your request.
Release or Deny: Based on their assessment, they will either release or deny the request.
Instant Delivery: If approved, the email will be instantly delivered to your inbox.
This process ensures timely access to legitimate emails while maintaining security.
What happens if FCDC Security denies my request to release an email?
If we determine that an email is malicious after careful review, we will deny the request and explain the reason in an email that will look something like this:
Hello,
I hope this message finds you well. My name is ..., and I am a Security Analyst at FCDC. We received your request to release the quarantined email from .... After a thorough investigation, we have determined that this email is malicious. Therefore, we cannot release the email.
If you disagree with our assessment and were expecting this email, or have any questions, please feel free to reach out for further assistance.
To learn more about Quarantine Email Notifications, read this article.
What should I do if the email appears suspicious after reviewing it in the Quarantine portal?
If an email appears suspicious after reviewing it in the Quarantine Portal, you don’t need to take any action as it will be automatically deleted after 15 days. You can safely leave it in the quarantine portal where it won’t pose any threat to anyone, and you won’t receive any further notifications about it from Microsoft.
What should I do if I keep seeing messages from trusted senders in my Quarantine?
When you request the release of an email that was misclassified by Defender and quarantined, the security team will review and then release it if it’s safe. They will also submit the false positive to Microsoft in order to improve its detection method which should prevent those types of emails from being quarantined again.
If you have any issues with the quarantine notification emails or other missing emails, please contact the FCDC Help Desk! (helpdesk@franklincountyohio.gov).
FCDC Help Desk | helpdesk@franklincountyohio.gov | 614-525-3282