View Quarantined Emails
Quarantined emails in Microsoft Defender are messages that have been automatically flagged and isolated because they are suspected to be malicious, spam, phishing, or contain harmful content. These emails are not delivered to the user's inbox but are instead moved to a secure quarantine location where they can be reviewed and managed.
Please use the following link to access quarantined emails:
https://security.microsoft.com/quarantine
On this page you can review quarantined messages that have been sent to any mailbox you have access to (this includes your personal mailbox, and shared mailboxes).
Reviewing Quarantined Emails
To determine if the email is something that you should want to request release, look for the Sender, Quarantine Reason and Policy type.
In this example the email was determined to be a phishing attempt, as such, I should scrutinise the legitimacy of the email by verifying the Sender.
You can also preview the email to view the text written. Please note attachments, images, hyperlinks and styling is automatically omitted from the message preview to protect against potentially malicious content.
*There was an Image attached in the above example email, however defender has omitted it from the preview
Requesting Quarantined Email Release
If you have reviewed the message, believe that the message poses no risk, and the message is work related, you can select the Request release option.
When a request for release from quarantine is submitted, an email notification is sent to JSR IT Support, who will review the message for threat indicators including previewing the body of the message. It is up to the discretion of the JSR IT support team to decide whether a request for release from quarantine is approved or denied. Successful requests are then automatically delivered to the inbox of all the original recipients.