Skip to main content
Quarantine notification email example

Microsoft Defender Quarantine Tips and Tricks

Submitted by krlu2891 on

Earlier this year, OIT migrated its email routing to the Office 365 environment as part of the Mail Security Upgrade project. This change improved security for email at CU Boulder with advanced anti-SPAM and anti-malware protections, while also providing a way for individual email users to directly control their quarantine and safe and blocked senders lists without opening a help ticket.

Since migrating to this new system, OIT has learned more about its capabilities and we’ve made a video going over the reasons for the move, main features of quarantine, recommendations for reviewing messages that get intercepted, and more! Click play below to watch, or visit OIT’s YouTube channel!

Safe and blocked senders lists

A new feature in Microsoft Defender Quarantine are the safe and blocked senders lists. Under most circumstances, when you add an email address to your Safe Senders list, messages from that address should bypass Quarantine and go directly to your inbox. However, if a sender is using tactics that Microsoft has flagged as suspicious, they may still end up in Quarantine, especially right after you add them to your safe senders list. 

On the other hand, your Blocked Senders list instructs the system to keep emails from that sender in Quarantine or even Junk mail, preventing them from getting to your Inbox. An important thing to note is that similar email addresses from the same domain need to be individually added to the blocked list. For example, adding won’t also block

Quarantine Notifications

You have probably noticed daily notification emails summarizing the contents of your quarantine. You can directly manage what happens with these messages from that email by clicking Review message, Release or Request Release, or Block Sender. Email notifications are an automatic feature that OIT can’t turn off. If you’d like to keep these emails out of your inbox, we recommend creating a rule to filter these emails to a folder other than your inbox. Use our Outlook on the Web or Microsoft Outlook desktop inbox rule tutorials to learn how. 

Access and manage your quarantine

You can review and manage any emails that end up in quarantine by going to the Microsoft Defender Quarantine website. After logging in with your IdentiKey credentials, you can preview, release, or delete items directly. In addition to the video above, our Release and delete emails tutorial goes through this process with screenshots of the experience.

Finally, while you can delete any email in your Quarantine, the automatic deletion feature will remove anything older than 30 days, ensuring that your Quarantine stays organized. This allows you to briefly look at and delete those daily notification emails if nothing jumps out as necessary to release.

Additional resources

Ready to learn more? Visit the Microsoft Defender Quarantine page for additional information, frequently asked questions, and tutorials on releasing emails and editing your Safe or Blocked senders list. If your quarantine seems to be blocking more than it should, or if your emails get caught in quarantine, contact the IT Service Center at 303-735-4357 or for additional assistance.