MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

EOP / Office 365: Release a Quarantined Email

This blog is explaining the steps to release the quarantined emails in Exchange Online Protection

 

Once you login and come to the Exchange or Exchange Online Protection follow the below steps

Steps:

  1. Expand the Protection and click quarantine

  2. Now you will see a list of quarantined messages here. Like the below screen. We have an option to configure to quarantine as an action in the rule which will bring the quarantine message here along with the default quarantine messages recognized by EOP itself.

3. Now we need to decide on the action what we would like to do with this quarantined message. Now select the message and click on mail icon which is the second icon from the left. Then you will see 2 possible actions “Release message without reporting it as a false positive” or “Release message and report it as a false positive”

     4.  Out of 2 options If we select “Release message without reporting it as a false positive” then we will see the below windows which has 2 options either release message to all recipient or you can customize the delivery. Select the option and click on release.

 

Now you will see a success message and email will be delivered.

 

       5.  If we choose “Release message and report it as a false positive” then we will see the below window to report false positive. Click on “report false positive”.

After this false positive will be reported and email will be released and you will see the below window

 

Now email will be delivered.

 

      6.  The unreleased emails will be expired after 7 or 15 days. The released emails will also show up in the quarantine and expire after 7 or 15 days. Number of Days is depending on Microsoft.

 

      7. If you have many quarantine messages then you can also do a search using this icon . Once you click on it you will see the window as shown below:

 

      8.   Powershell

Add the following command switch at the end of the command to see what this command will do.

-whatif

 

To get the quarantined emails from shell run the command

Get-QuarantineMessage

 

To see the properties of one quarantined email run the below command:

Get-QuarantineMessage –Senderaddress “senderemailid” | fl

 

If you need to release the all quarantined emails from shell then run the below command

Get-QuarantineMessage | Release-QuarantineMessage –ReleaseToAll

 

The above command will release all messages which may be spam or transport rule. So if we decide to just release spam or transportrule then run the below commands.

Spam

Get-QuarantineMessage -Type “Spam” -PageSize 5000 | Release-QuarantineMessage –ReleaseToAll

TransportRule

Get-QuarantineMessage -Type “TransportRule” -PageSize 5000 | Release-QuarantineMessage –ReleaseToAll

 

I have also added PageSize which is 1000 by default and can go up to 5000 maximum. This is required to get more than 1000 results.

 

If you need to Release any one email from shell then run the below command

Get-QuarantineMessage –Senderaddress “senderemailid” | Release-QuarantineMessage –ReleaseToAll

 

 

 

 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru

7 Responses to “EOP / Office 365: Release a Quarantined Email”

  1. Alfredo Says:

    Nice explanation!

    What if we want to retrieve the quarantined email message without “releasing” it to recipients ?
    For example, it can contain malicious attachment or link, and we want to analyze it without delivering to the user mail box?

  2. Prabhat Nigam Says:

    @Alfredo
    You need to release the email to the designated recipients or to some other recipient which is the only way to read the email.
    You can still review header and some of the properties will help you in identifying a spam or virus.

  3. Alfredo Says:

    Thanks for the reply.
    The problem is that I can only release to the recipients, its not allowing to insert an admin email so he can check if the email is safe.
    Is this a configuration that has to be changed ?
    Thanks

  4. Prabhat Nigam Says:

    Admin should be added to Hygiene Management or Organization Management permissions groups in EOP

  5. Alfredo Says:

    Thank you for the reply.

  6. Esam El-Olemy Says:

    We have the SPAM notifications configured and they are very useful. One issue I have is the SPAM notifications that are sent to Shared Mailbox or Resource Mailboxes. When a user have access to these mailboxes click on the link to release a message, they get a “Page Not Found” error.

    Hope anyone can help with some directions.

    Thanks,
    Esam

  7. Prabhat Nigam Says:

    You might need to wait for a while. If it shows page not found message even after 2-4 hours then open a support ticket from office 365 portal.

Leave a Reply

Categories

Archives

MSExchangeGuru.com