EOP / Office 365: Release a Quarantined Email
This blog is explaining the steps to release the quarantined emails in Exchange Online Protection
Once you login and come to the Exchange or Exchange Online Protection follow the below steps
Steps:
-
Expand the Protection and click quarantine
- Now you will see a list of quarantined messages here. Like the below screen. We have an option to configure to quarantine as an action in the rule which will bring the quarantine message here along with the default quarantine messages recognized by EOP itself.
3. Now we need to decide on the action what we would like to do with this quarantined message. Now select the message and click on mail icon which is the second icon from the left. Then you will see 2 possible actions “Release message without reporting it as a false positive” or “Release message and report it as a false positive”
Now you will see a success message and email will be delivered.
After this false positive will be reported and email will be released and you will see the below window
Now email will be delivered.
. Once you click on it you will see the window as shown below:
8. Powershell
Add the following command switch at the end of the command to see what this command will do.
-whatif
To get the quarantined emails from shell run the command
Get-QuarantineMessage
To see the properties of one quarantined email run the below command:
Get-QuarantineMessage –Senderaddress “senderemailid” | fl
If you need to release the all quarantined emails from shell then run the below command
Get-QuarantineMessage | Release-QuarantineMessage –ReleaseToAll
The above command will release all messages which may be spam or transport rule. So if we decide to just release spam or transportrule then run the below commands.
Spam
Get-QuarantineMessage -Type “Spam” -PageSize 5000 | Release-QuarantineMessage –ReleaseToAll
TransportRule
Get-QuarantineMessage -Type “TransportRule” -PageSize 5000 | Release-QuarantineMessage –ReleaseToAll
I have also added PageSize which is 1000 by default and can go up to 5000 maximum. This is required to get more than 1000 results.
If you need to Release any one email from shell then run the below command
Get-QuarantineMessage –Senderaddress “senderemailid” | Release-QuarantineMessage –ReleaseToAll
Prabhat Nigam
Microsoft MVP | Exchange Server
Team@MSExchangeGuru
August 11th, 2014 at 5:06 am
Nice explanation!
What if we want to retrieve the quarantined email message without “releasing” it to recipients ?
For example, it can contain malicious attachment or link, and we want to analyze it without delivering to the user mail box?
August 12th, 2014 at 9:09 am
@Alfredo
You need to release the email to the designated recipients or to some other recipient which is the only way to read the email.
You can still review header and some of the properties will help you in identifying a spam or virus.
October 12th, 2014 at 8:32 am
Thanks for the reply.
The problem is that I can only release to the recipients, its not allowing to insert an admin email so he can check if the email is safe.
Is this a configuration that has to be changed ?
Thanks
October 13th, 2014 at 2:58 am
Admin should be added to Hygiene Management or Organization Management permissions groups in EOP
October 13th, 2014 at 4:15 am
Thank you for the reply.
October 17th, 2014 at 12:39 pm
We have the SPAM notifications configured and they are very useful. One issue I have is the SPAM notifications that are sent to Shared Mailbox or Resource Mailboxes. When a user have access to these mailboxes click on the link to release a message, they get a “Page Not Found” error.
Hope anyone can help with some directions.
Thanks,
Esam
October 17th, 2014 at 1:13 pm
You might need to wait for a while. If it shows page not found message even after 2-4 hours then open a support ticket from office 365 portal.