Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

allow quarantined emails to be deleted from the quarantine list for clarity

ability to delete emails in the quarantined queue that were reviewed and are irrelevant . this will make it easier to check the queue over time instead of waiting for the messages to expire.

369 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Gaetan Barthelemy shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    22 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        The only current way to filter this is through PowerShell:
        Get-QuarantineMessage | where {$_.Released -match "false"}
        will show you only messages not already released.
        Then if you decide you want to release the message in PS too you can use the Release-QuarantineMessage cmd

      • Anonymous commented  ·   ·  Flag as inappropriate

        I would like to suggest the following

        once a email is reviewed and released it should be removed from the list. As we are going thru the bulk and spam folders we should be able to also have a button to push to add those messages we see repeat, and block them in one click. Please take care of this, this would make this tool so much better.

      • Drew Lanclos commented  ·   ·  Flag as inappropriate

        This is actually now available in the Security & Compliance Center, just not Exchange Admin Console. Unfortunately S&C doesn't readily show you where emails have been released to recipients, whereas EAC does, so it's not perfect, but it's better than it was.

      • Chad commented  ·   ·  Flag as inappropriate

        We just switched from another vendor, who offers this ability for the end user. This is not an arbitrary request, once you have used it becomes essential.

      • Richard commented  ·   ·  Flag as inappropriate

        It is very difficult to maintain the list of quarantined emails, we have a group of staff monitoring this list and have to visit each email in turn to make sure its been release or not. Other systems we have used remove the email once removed from quarantine.... please make the change.

      • pauld commented  ·   ·  Flag as inappropriate

        Administrators can now delete messages from the hosted quarantine with PowerShell. See Get-QuarantinedMessage and Delete-QuarantinedMessage. Update status of request?

      • Trevor commented  ·   ·  Flag as inappropriate

        This feature is absolutely NECESSARY for security reasons. We have had large phishing campaigns where the emails were properly quarantined, but we have NO WAY to prevent users from releasing the malicious e-mails and clicking on them. We are only able to delete messages that have already arrived in users' mailboxes. There is nothing we can do for known-malicious quarantined e-mails.

      • Aaron Pieper commented  ·   ·  Flag as inappropriate

        We've been getting hit by spammers weekly during our migration to O365 from Notes. This would be such a great thing to have so users are not sending themselves a bogus quarantine notification from a real quarantine notification. If I could just select them all and DELETE, it would save us so much time during outbreaks.

      • jhghg2 commented  ·   ·  Flag as inappropriate

        Couldn't agree more, if an email is convincing enough (there's plenty that are) users will release them from the quarantine and start clicking on malicious links. Admins at least should be able to remove these type of emails from the quarantine to prevent users releasing them.

      • Dan Coan commented  ·   ·  Flag as inappropriate

        Being able to delete, or prevent a user from releasing an e-mail, is a must have for admins. Malicious messages are quarantined but if the user can release it and fall for the phishing attach then it puts the company at risk.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Agree this is needed. Data should also be useful to protection team to validate that a message suspected of being spam is actually seen as spam by the tenant administrator or end user. Hopefully reduce what ends up in quarantine, that which is seen as junk by very large numbers of reports.

      • pauld commented  ·   ·  Flag as inappropriate

        Admin's need this ability like, yesterday! We are seeing phishing attacks land in the quarantine left and right, but once they are there, there is nothing we can do about it.

        We know there are bad messages in the quarantine.
        We know that a certain percentages of users will be taken by the scam, just the same, and release the message from the quarantine.
        We know that a certain percentages of those users, how released the phishing message from quarantine, will then fall for the phish.

        Alas, this happens all too often.

        As admins, we are currently powerless to help. We really need a way to purge known bad messages from the quarantine.

      • John commented  ·   ·  Flag as inappropriate

        This absolutely is a necessity. We have an issue today that was luckily contained in quarantine, but not being able to delete it as an admin leaves us vulnerable to users releasing to their inbox.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I agree that deletion should be allowed...sometimes a message that gets quarantined for the masses should not be allowed to be released or should be removed from a user's ability to release it

      • Jason commented  ·   ·  Flag as inappropriate

        I agree with this: Instead, it would be better if there were a status indicator showing that an email was released, reported as false positive, or whatever

      • Anonymous commented  ·   ·  Flag as inappropriate

        some users release messages containing ransomware from quarantine and get infected. To prevent widespread infections a possibilty to prevent releasing these messages or delete them would be a great addition.

      • Michael McNally commented  ·   ·  Flag as inappropriate

        I wouldn't want to see items deleted from the list. Instead, it would be better if there were a status indicator showing that an email was released, reported as false positive, or whatever. If it was possible to sort or filter on that, it would provide the same solution as deleting.

      ← Previous 1

      Feedback and Knowledge Base