Applies to: Exchange Online, Exchange Online Protection
Topic Last Modified: 2015-02-27
This topic provides frequently asked questions and answers about the hosted quarantine. Answers are applicable for Microsoft Exchange Online and Exchange Online Protection customers.
Q. How do I configure the service to send spam-quarantined messages to the quarantine?
A. By default, content-filtered messages are sent to the recipients Junk Email folder. However, admins can configure content filter policies to send spam-quarantined messages to the quarantine instead. For more information about the different actions that can be performed on content-filtered messages, see Configure your content filter policies.
Q. Does the service have administrator and end user management of spam-quarantined messages?
A. As an administrator, you can search for and view details about all quarantined email messages in the Exchange admin center (EAC). After locating the message, you can release it to specific users and optionally report it as a false positive (not junk) to the Microsoft Spam Analysis Team. For more information, see Find and release quarantined messages as an administrator.
As an end user, you can manage your own spam-quarantined messages via:
The spam quarantine user interface. For more information, see Find and release quarantined messages as an end user.
End-user spam notification messages (if they’re enabled by your administrator). For more information about using this feature, see Use end-user spam notifications to release and report spam-quarantined messages.
Q. How do I grant access to the spam quarantine for my end users?
A. In order to access the end user spam quarantine, end users must have a valid Office 365 user ID and password. EOP customers protecting on-premises mailboxes must be valid email users created via directory synchronization or the EAC. For more information about managing users, EOP admins can refer to Manage mail users in EOP. For EOP standalone customers, we recommend using directory synchronization and enabling Directory Based Edge Blocking; for more information, see Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients.
Q. Can anything other than spam be sent to the quarantine?
A. Messages that match a transport rule can also be sent to the administrator quarantine, if that’s the configured action. The end user quarantine is for spam only.
Q. For how long are messages kept in the quarantine?
A. By default, spam-quarantined messages are kept in the quarantine for 15 days, while quarantined messages that matched a transport rule are kept in the quarantine for 7 days. After this period of time the messages are deleted and are not retrievable. The retention period for quarantined messages that matched a transport rule is not configurable. However, the retention period for spam-quarantined messages can be lowered via the Retain spam for (days) setting in your content filter policies. For more information, see Configure your content filter policies.
Q. Can I release or report more than one quarantined message at a time?
A. The ability to release or report multiple messages at once is not currently available in the EAC or the end user spam quarantine. However, admins can create a remote Windows PowerShell script to accomplish this task. Use the Get-QuarantineMessage cmdlet to search for messages, and the Release-QuarantineMessage cmdlet to release them.
Q. Are wildcards supported when searching for quarantined messages? Can I search for quarantined messages for a specific domain?
A. Wildcards are not supported when specifying search criteria in the Exchange admin center. For example, when searching for a sender, you must specify the full email address.
Using remote Windows PowerShell, admins can specify the Get-QuarantineMessage cmdlet to search for quarantined messages for a specific domain (for example, contoso.com):
The results can be passed to the Release-QuarantineMessage cmdlet. Include the –ReleaseToAll parameter to release the message to all recipients. Once a message is released, it can’t be released again.