Thursday, May 12, 2022

Simplifying the Quarantine Experience - Part Two

Managing false positives should be easy

In the previous blog we talked about some of the key steps we took to make the quarantine experience simpler for our end users and admins. Here in part two, we will be highlighting additional features we’re introducing to make the quarantine experience even easier to use.


Exciting new updates are coming soon!

Microsoft Defender for Office 365 is rolling out key quarantine management features that will help empower SecOps professionals and end users when triaging emails:

  • Hourly option for notifications
  • Password protected download of quarantined messages
  • Asynchronous quarantine experience – database migration


Hourly option for notifications

We have heard from customers that they want granular options for end user email notifications. We’re adding a new hourly option to end user notifications, so users can rely on prompt notification about quarantined items when appropriate. With this feature, users can rest assured that they will be updated frequently once new items land in their quarantine folder.




Password protected download of quarantined messages

With this change, we’re giving users the ability to password protect items they download from quarantine. We want users to be confident that the items they download to their systems will not execute without their consent, and this capability will allow them to safely transport the items to external analysis tools.





Additional updates to support search and larger bulk operations


Microsoft Defender for Office 365 is working to enable additional quarantine enhancements, like partial string search functionality and 1,000 message bulk operation support in quarantine. As a result, we'll be making adjustments to the release process through an asynchronous approach.


What does an asynchronous approach mean for me?

With the asynchronous approach, we're able to support bulk operations of up to 1,000 messages, and these larger requests may take longer to process. As a result, we'll be introducing additional statuses for quarantined messages, like “Preparing to release” and “Error”. The “Preparing to release” status will indicate that the message is in the process of being released, while the “Error” status will indicate that a message release has failed and the user needs to retry.


Let us know what you think!

Test out these new capabilities when they begin rolling out in the next couple of months and let us know any feedback you may have. We’re always looking for ways to improve the quarantine experience for users and admins.



Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum.


